Block external webaddress from layer 2 switch

Dear all,
I am trying to permit a website address 130.x.x.x from layer 2 switch, all other traffic should be denied.
I am trying this by:
access-list 15 permit host 130.x.x.x
access-list 15 deny any
and then applying it to interface fa0/5 in
This results in blocking all the traffic and doesn't permit the required address.
Layer 2 switch doesn't support ACL to be applied on OUT interface.
Please advise.

Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
Another way to accomplish this is to place the necessary commands into a file placed on the device's local flash. Then you just copy the file from flash to the running config.
Like Peter's posting, I too would recommend a timed reload.  (I also normally use a five minute time.)
This technique, or Peter's, can also be used to even change the attributes of the interface being used for remote connectivity.

Similar Messages

  • Block External calls h.323 gateway CM4.1(3)

    Is there a way to block external calls from getting through the gateway. The gateway is H.323, Callmanager 4.1(3)

    You can use Class of Restriction on the gateway.
    http://www.cisco.com/en/US/tech/tk652/tk90/technologies_configuration_example09186a008019d649.shtml

  • Blocking Multicast on Layer 2 switch

    Cisco 2960, layer 2.
    Trying to block inbound multicast from a single switchport. My CUCM, to be exact.
    IGMP will not do what I need as I have phones trying to listen to Multicast MOH from the server, and I'm trying to block it. Phones and server are on the same subnet. I do not want the MC packets to hit the phones as they need to listen to something else on the same IP.
    ACL on the port didn't work, neither did switch block multi, as I think it doesn't block packets with a correct source MAC.
    Storm-control multi level 0 didn't work, neither does storm-control broad level 0.
    Any other options? Or is one of these options actually working and I just don't know it (my multicast isn't set up right, let's say)? I see my multicast counters on the port go up when I turn on multicast from the server, so I know it's being sent.

    Hi ,
    You can block layer 2 Multicast traffic with following commands
    Step 3 
    switchport block multicast
    Block unknown multicast forwarding out of the port.
    Note Only pure Layer 2 multicast traffic is blocked. Multicast packets that contain IPv4 or IPv6 information in the header are not blocked.
    http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960/software/release/12-2_55_se/configuration/guide/scg_2960/swtrafc.html
    HTH
    Sandy

  • How do you take information from one layer and switch it to another?

    I am trying to figure out how to take pictures and text that I have already placed on one layer and switch them to another layer. I have like 50 pages' worth of information and I am trying to look for the easiest way to do this. In Illustrator and Photoshop, it's pretty easy. Wanting to know if it is the same because I have been trying but it is not there. Just in case it matters, I'm using CS5 on a PC. Help is greatly appreciated.

    Hi Martin,
    Please follow the below steps.
    Step 1
    Create the separate layer. Select the content you want to move.
    Step 2
    Go to check layer panel, near the pen symbol icon, the below box drag to move up to the image layer, see sample
    Step 3
    This option use spread wise content, it will complete the task with fast. If more faster, please raise as question to Scripting Forum, they can suggest the tool.

  • How to Prevent or Block Rogue APs from Joining Your Wired or Wireless WLANs

    Hi all, I deployed a WLAN with 1 WLC 4400 and 5 1252AP. I do not see the way to Block Rogue APs from Joining the Wired or Wireless WLANs

    PART 1
    There are three parts to this:
    1. detect - automatic
    2. classify - by default APs are untrusted/unknown, various methods can be configured to classify them as trusted and threat (connected to wired network).
    3. over the air contain (aka mitigate) - in 4.x this is manual, in 5.x you can configure auto-containment
    First you need to detect. WLC does this automatically out of the box. It listens to the air for unknown APs, clients and ad-hocs. Are you seeing Rogue APs under Monitor > Rogues > Rogue APs?
    Next, you can manually classify rogue APs as "known" (internal or external). Starting with 5.0 you can also build rogue rules based on RSSI, SSID, Clients, etc. If an AP is classified as "known" (internal or external), WCS stops alerting you.
    Another key classification piece is to detect whether or not the rogue AP is physically connected to your network, which is a high security risk. There are three ways WLC can detect it and none of them is automatic. You must configure these methods manually.
    1. Rogue AP Detector, aka ARP sniffing. You have to dedicate one AP as "Rogue Detector" (change AP mode from local to rogue detector). Configure the port the AP is connected to as switchport mode trunk (normally it's switchport mode access). Rogue Detector AP turns off and doesn't use its radios. When WLC detects rogue APs it can also detect the MAC addresses of any clients associated to that rogue APs, and the rogue detector AP simply watches each hardwire trunked VLAN for ARP requests coming from those rogue AP clients. If it sees one, WLC automatically classifies the rogue AP as "threat" indicating that the rogue AP is physically connected to your network. It doesn't actually do anything with the rogue AP, it simply classifies it and alerts you. Also, keep in mind that this method doesn't work if the rogue AP is a Wireless Router, because Wireless Routers NAT and ARP requests don't propagate to the wire.
    2. RLDP. Rogue Location Discovery Protocol. This feature is by default turned off and can be enabled under Security > Wireless Protection Policies > Rogue Policies. This feature works only when the rogue SSID is open, meaning that it's not using WEP/WPA/802.1x. When you enable RLDP, your WLC will pick some AP (you can't pick manually) which hears Rogue AP traffic, it will temporarily shut off its radio, turn it into a client, and instruct it to associate to the Rogue AP as client (this is where the requirement comes in for the Rogue SSID to be open authentication). Once associated, AP gets a DHCP IP through Rogue AP, it then sends a special small UDP port 6352 RLDP packet to every possible WLC's IP address (mgmt ip, ap manager ip, dynamic int IPs). If WLC gets one of those packets, it means that rogue AP is physically connected to your network. This method will work when Rogue AP is a Wireless Router. But this method is not recommended. It has an adverse effect on your wireless clients because RLDP AP goes offline for a period of time disconnecting your clients and forcing them to associate to another AP. Also, keep in mind, that WLC runs this RLDP process *once* per detected rogue AP. It doesn't periodically do this, it only does it once. In some later WLC versions, you can configure RLDP to run only on "monitor mode" APs, eliminating impact on your clients. Also, you can manually trigger RLDP for a rogue AP from CLI "config rogue ap rldp initiate ". You can "debug dot11 rldp" to see the process.
    3. Switchport Tracing (need WCS, and WLC 5.1). This is a later feature that requires WCS. You can add your Catalyst switches to WCS, and WCS will look at CDP information and MAC tables on your switches to detect whether or not Rogue AP is connected to your network. This works with secured and NAT rogues. You can also *manually* instruct WCS to shut down the switchport that Rogue AP is connected to.
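
The ARP-sniffing correlation described in method 1 above, as an added Python example that is not part of the original post or of Cisco's code. The data model, function names, MAC addresses, SSIDs and VLAN numbers are all constructed for illustration; the sample also shows the blind spot the post mentions, where a NAT-ing wireless router keeps its clients' MACs off the wire.

```python
from dataclasses import dataclass, field


def norm_mac(mac):
    """Reduce aa:bb:.., aa-bb-.. or Cisco aabb.ccdd.eeff notation to 12 hex digits."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


@dataclass
class RogueAP:
    bssid: str
    ssid: str
    client_macs: set                      # clients heard over the air
    classification: str = "unclassified"
    evidence: list = field(default_factory=list)


def classify_rogues(rogues, wired_arp):
    """Mark a rogue AP as 'threat' when one of its wireless clients is seen
    sending an ARP request on a wired VLAN the detector is trunked into.

    wired_arp: iterable of (vlan, sender_mac) observations.
    Returns {bssid: classification}.
    """
    owner = {norm_mac(m): ap for ap in rogues for m in ap.client_macs}
    for vlan, sender in wired_arp:
        ap = owner.get(norm_mac(sender))
        if ap is not None:
            ap.classification = "threat"
            ap.evidence.append((vlan, norm_mac(sender)))
    return {ap.bssid: ap.classification for ap in rogues}


def sample_rogues():
    """Constructed rogue list (hypothetical addresses)."""
    return [
        RogueAP("02:00:00:aa:00:01", "bridged-ap", {"02:00:00:c1:00:01"}),
        RogueAP("02:00:00:aa:00:02", "nat-router", {"02:00:00:c1:00:02"}),
        RogueAP("02:00:00:aa:00:03", "neighbour", {"02:00:00:c1:00:03"}),
    ]


# Constructed ARP requests seen on the wired trunk, in Cisco MAC notation.
SAMPLE_WIRED_ARP = [
    (20, "0200.00c1.0001"),   # client of the bridged rogue, visible on VLAN 20
    (20, "0200.00bb.0002"),   # WAN port of the NAT router: its clients stay hidden
    (30, "0200.00dd.0009"),   # ordinary wired host, not a rogue client
]

if __name__ == "__main__":
    rogues = sample_rogues()
    for bssid, verdict in classify_rogues(rogues, SAMPLE_WIRED_ARP).items():
        print(bssid, verdict)
```

The NAT router stays "unclassified" even though it is plugged into the wire, which is why the post points to RLDP or switchport tracing for that case.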

  • Multi-layer/layer3 switch VS. Router

    Multi-Layer Switch or Layer3 switch vs. router; How they are different?

    In a router, the route calculation and packet processing take place in the software on layer 3. This means that packets need to be moved from the layer 2 hardware interface to layer three, and so it takes some time. In a layer 3 switch, routing calculations take place at layer 3 in hardware or software, while the actual packet processing takes place at layer 2. The speed gain is accomplished by reducing the amount of features supported and moving as much logic as possible into hardware.

  • Tried opening a file in library and it states can't open database with library name? It says Relaunch then will not open? and Blocks me completely from Aperture. I have to go to Finder to Rename it? I need this file how do I get it to open?

    Tried opening a file in library and it states can't open database with library name? It says Relaunch then will not open? and Blocks me completely from Aperture. I have to go to Finder to Rename it? I need this file how do I get it to open?

    Aftershotz,
    You're going to have to give a bit more information.
    What do you mean by "opening a file in library?"  There is no function of Aperture to open files -- you can open (switch) libraries.
    You'll have to be more specific about error messages, too.  Perhaps some screenshots would be useful to diagnose your problem.  "Can't open database with library name" is not enough detail about what Aperture is really telling you.
    nathan

  • Cant Access external shares from my admin account

    Hi,
    the title says it all.
    No matter if I try to connect via smb or afp. If I try to log in from the admin account to external afp or smb shares the login is refused cause of permissions.
    IF I do switch to a user other than the system admin account, the access to external shares works like a charm.
    In my case its an external NAS from Buffalo (Linkstation Duo).
    Also from other Lion machines ... no problem when trying to access that share.
    I'm aware of the DHCAST128 changes but as you can read above it seems that this is not the issue.
    Any hints or suggestions?
    Thanks!
    Andrew

    Hi-
    You can use the account that you use daily, as SuperDuper will clone the entire drive, which includes all accounts, applications and data. SD will require an administrator password to run the cloning, but this can be done from any account.

  • Deployment: Deploying external libraries from dependent projects

    Hi,
    I need some help with the following issue.
    How do I deploy external libraries from dependent projects? I have one project for the model layer which references the TopLink JPA library and another project for view/controller based on JSF/ADF Faces. The view/controller project has the model project as a dependency.
    For the view/controller project I have created a WAR deployment profile. On deployment all classes and referenced libraries from the view/controller project and all classes from the model project were included. But not the referenced library for TopLink JPA.
    My second approach was to create a JAR deployment profile for the model project. Again the referenced library for TopLink JPA was not included.
    My third approach was to add a library file group to the JAR deployment profile. I tried to add the library to the jar's root and to the META-INF directory. But the application doesn't find the library (java.lang.NoClassDefFoundError).
    The only way I got this running was adding all referenced libraries from dependent projects to the view/controller project, which couldn't be the proper solution.
    So how do I get this running? What are the best practices?
    I would be glad to get some input on this issue. Thank you.
    PS:
    I'm using JDeveloper 10.1.3.2 and like to deploy on Tomcat 5.5.23.

    I see your points.
    Unless you have Java EE 5 there is no real standard way of including libraries in EAR files. Including the libs in the WAR files is the only standard supported way for file formats prior to Java EE 5. If you have to consider Tomcat as a possible platform, WAR files are your only option.
    Your reluctance to include the libs in the WEB-INF/libs structure is understandable but think of injected dependencies in the Entities you're not aware of. These might be needed in the view layer too.
    --olaf

  • Can you Launch External Applications From Within InDesign Ebook?

    Hi all,
    I was wondering if it is possible to open an external application from within an ebook (created with InDesign) e.g. click on a link and have an external ssh client open up for instance?
    Thanks in advance for any advice.
    Regards,
    RG

    It's possible to include hyperlinks in an InDesign file and export them in an EPUB file. Since I'm not familiar with working with SSH clients (in fact, I just had to Google it to have a clue what you're talking about), is this something that can be invoked in a standard URL format? If so, you could probably include it.
    The next issue is whether the link would work. The link couldn't be used directly in any eBook reader I know of, but at least the iBook on an iPad or iPhone would switch to Safari to let you follow a URL to its destination. But I don't think that's possible on most eBooks.

  • CME:how to block external call to external call

    CME has four FXO and AA. When external calls come in and dial 9 + PSTN number, it can call from an external call to another external call. How can I block this?

    Hi,
    try to use this command
    #call application voice aa max-extension-length 5
    This option declares the maximum length of the extension that the user can dial when dial-by-extension-option is chosen. The default value is 5. The value can be 0 with no restriction up to x digits.
    or try
    3.
    Configure Class of Restriction (COR) to block call transfers from B-ACD to PSTN numbers. The sample configuration below prevents the B-ACD from transferring calls out to local and long distance PSTN numbers. The B-ACD can still transfer calls to internal extensions.
    Below is an example of such a configuration:
    ! COR names used as building blocks for the lists below
    dial-peer cor custom
     name longdistance
     name local
    !
    dial-peer cor list call-longdistance
     member longdistance
    !
    dial-peer cor list call-local
     member local
    !
    ! block-pstn has no members, so a call arriving with this incoming list
    ! cannot match dial-peers 2 and 3, which carry an outgoing corlist
    dial-peer cor list block-pstn
    !
    dial-peer voice 1 voip
     corlist incoming block-pstn
     application aa
     destination-pattern 1000
     session target ipv4:192.168.1.1
     incoming called-number 1000
     dtmf-relay h245-alphanumeric
     codec g711ulaw
     no vad
    !
    ! Long-distance PSTN
    dial-peer voice 2 pots
     corlist outgoing call-longdistance
     destination-pattern 91..........
     port 0/2/0
    !
    ! Local PSTN
    dial-peer voice 3 pots
     corlist outgoing call-local
     destination-pattern 9[2-9]......
     port 0/2/0
    Thanks
    Najeeb

  • When I try to open a site I normally access i'm getting a bar that says,Firefox has blocked this site from opening another window then on the right side of the bar gives option to allow or not. Never did that before. Thanks

    When I try to open a site I normally access i'm getting a bar that says,Firefox has blocked this site from opening another window then on the right side of the bar gives option to allow or not. Never did that before. Thanks

    Hello,
    Try Firefox Safe Mode to see if the problem goes away. Safe Mode is a troubleshooting mode, which disables most add-ons.
    (If you're not using it, switch to the Default theme.)
    * On Windows you can open Firefox 4.0+ in Safe Mode by holding the Shift key when you open the Firefox desktop or Start menu shortcut.
    * On Mac you can open Firefox 4.0+ in Safe Mode by holding the option key while starting Firefox.
    * On Linux you can open Firefox 4.0+ in Safe Mode by quitting Firefox and then going to your Terminal and running: firefox -safe-mode (you may need to specify the Firefox installation path e.g. /usr/lib/firefox)
    * Or open the Help menu and click on the "Restart with Add-ons Disabled..." menu item while Firefox is running.
    Once you get the pop-up, just select "Start in Safe Mode".
    If the issue is not present in Firefox Safe Mode, your problem is probably caused by an extension, and you need to figure out which one. Please follow the "Troubleshooting extensions and themes" article for that.
    To exit the Firefox Safe Mode, just close Firefox and wait a few seconds before opening Firefox for normal use again.
    When you figure out what's causing your issues, please let us know. It might help other users who have the same problem.
    Thank you.

  • Shadow from layer behind

    I have an image of a block party with 38 people. Naturally the image of some people had to be changed or deleted or added, etc. The first and last layers started out as duplicates of the whole picture.
    I needed to remove the face of someone standing in front of green shrubs. To do this, I
    a. created a mask on the first layer removing the face in question
    b. copied an area of green shrub larger than the face removed
    c. put that on a layer between the 2 layers
    and, voila, the face disappeared into the shrub.
    However, the part of the shrub on the second layer, which was larger than the masked face, appears as a faint shadow on the top layer!!
    This was very disconcerting!! In order to complete the picture, I was forced to make the mask on the first page exactly the same size as the patch of shrub on the second page!! Hence, no overlap, no shadow!!
    The obvious question is why does the faint shadow appear on the top page from anything underneath it???
    Chuck

    Hi,
    Thanks for the response.
    I tried to get some screen shots but was unable.  My cursor is inop
    (subject of another query yesterday) . I tried  redoing it on
    another, smaller photo with only 4 people.  I could not reproduce it
    in that photo(???).
    Will try again in original group shot when I resolve the cursor problem.
    Chuck
    >Re: shadow from layer behind
    >created by c.pfaffenbichler in Photoshop Windows
    >Could you please post a screenshot with the pertinent Panels visible?
    >But basically if a lower Layer is discernible even though another
    >Layer ostensibly covers it, that covering Layer must
    >* be somewhat transparent or have an opacity or fill opacity below 100% or
    >* have a Blend Mode other than Normal
    >* have an edited Blend If-setting in the Blending Options

  • Changing SG300 from Layer 3 to Layer 2

    Will changing an SG300 switch from Layer 3 to Layer 2 cause any significant user downtime, or any at all?  I have two 52-port SG300's and two 20-port SG300's to make this change to.

    From the admin guide p.254:
    http://www.cisco.com/en/US/docs/switches/lan/csbms/sf30x_sg30x/administration_guide/78-19308-01.pdf
    NOTE Switching from one system mode (layer) to another (on Sx500 devices) requires a
    mandatory reboot, and the startup configuration of the device is then deleted.
    So, you will want to back up your config, do this in a scheduled maintenance interval and reload the config by hand.
    Also realize there may be L3 commands in your config that will not apply in L2 mode.
    Good luck!

  • Changing External Editor from Photoshop CS to CS5

    I've looked through the preferences pane but for the life of me can't figure out how to get iPhoto to switch its external editor from CS to CS5. Does anyone here have any idea? TIA!

    In iPhoto's General Preferences use that menu to select CS again. That will let you navigate to the editor of your choice to select it. It's not very intuitive, is it?
    This may be preaching to the choir but FWIW:
    Using Photoshop (or Photoshop Elements) as Your Editor of Choice in iPhoto.
    1 - select Photoshop as your editor of choice in iPhoto's General Preference Section's under the "Edit photo:" menu.
    2 - double click on the thumbnail in iPhoto to open it in Photoshop. When you're finished editing click on the Save button. If you immediately get the JPEG Options window make your selection (Baseline standard seems to be the most compatible jpeg format) and click on the OK button. You're done.
    3 - however, if you get the navigation window that indicates that PS wants to save it as a PS formatted file, you'll need to either select JPEG from the menu and save (top image) or click on the desktop in the Navigation window (bottom image) and save it to the desktop for importing as a new photo.
    This method will let iPhoto know that the photo has been edited and will update the thumbnail file to reflect the edit.
    NOTE: With Photoshop Elements 6 the Saving File preferences should be configured: "On First Save: Save Over Current File". Also I suggest the Maximize PSD File Compatibility be set to Always.
    If you want to use both iPhoto's editing mode and PS without having to go back and forth to the Preference pane, once you've selected PS as your editor of choice, reset the Preferences back to "Open in main window". That will let you either edit in iPhoto (double click on the thumbnail) or in PS (Control-click on the thumbnail and select "Edit in external editor" in the Contextual menu). This way you get the best of both worlds.
    OT
