Cisco – Close port 80 & 443 on Cisco switch

ciscointernetswitch

Hi i have Cisco switch model 2960 48 ports i plane to disable three ports on it for Internet service. I want to know how can apply the command on port number 20,21and 23 to close port number 80&443 .

Best Answer

As I understand, you want to block http/https traffic on switch ports 20,21 and 23 so that users cannot access any web pages (http/https), is it correct?

If yes, you can try to use Port ACLs. You would need an ACL and apply it to switch ports 20,21 and 23.

Let me assume the format of your switch port 20 is f0/20, the following configuration is an example of Port ACLs on switch port 20:

 ip access-list extended block-http-https
    deny   tcp any any eq www
    deny   tcp any any eq 443
    permit ip any any

 interface FastEthernet0/20
   switchport mode access
   ip access-group block-http-https in
 end

I hope it is helpful and answers your question.

Related Solutions

Cisco – DHCP Server Port-Based Address Allocation on Cisco switch 2960-x

Finally solved the problem!! So I was facing problem due to loss of information in the dhcp binding table. In short the subscriber id automatically generated would not match my reservations. Here are some examples:

port#  interface  received SID(hex)      expected SID(hex) 
2      Gi1/0/2    0047-6931-2f30-2f      0047-6931-2f30-2f32 
13     Gi1/0/13   0047-6931-2f30-2f31    0047-6931-2f30-2f31-33 
24     Gi1/0/24   0047-6931-2f30-2f32    0047-6931-2f30-2f32-34

I was hitting IOS bug present in some 15.0 releases. I updated my ios to 15.2 and problem solved! Thank you for all your help.

Cisco VLAN – Configuring VLAN on Cisco Router with Dell Switch

On the switch, the four ports should all be the same:
- Make VLAN 40 untagged.
- Make VLAN 50 tagged.

You don't have to make any changes to the router. You can use any port you've shown us, as they are all configured the same.

By default, Cisco will allow all VLANs on a trunk port. You don't have to explicitly allow VLAN 50, although it's generally a good idea to only allow the ones you need.
If you want to specify which VLANs, then yes.
There's no standard for VLAN numbers. The VLAN information (VID) is carried in the 802.1q Ethernet frame.

Best Answer

Related Solutions

Cisco – DHCP Server Port-Based Address Allocation on Cisco switch 2960-x

Cisco VLAN – Configuring VLAN on Cisco Router with Dell Switch

Related Topic