
Forum Discussion

bjmango
Aspirant
Mar 27, 2018
Solved

Which Switch Model support block port#443 traffic per switch port and through command lines

I am looking for a switch that supports:

1. Block/unblock the internet traffic from a certain port (ex.port443) through command line.

2. The traffic could be controlled per switch port through the command line.

  •
    Retired_Member
    Mar 29, 2018

    Hi bjmango,


    As port #443 is the well-known port for HTTPS over TCP, we can block TCP port 443 as below:

    [Step1: create IP ACL rule, deny TCP destination port=443]

    ip access-list test
    deny tcp any any eq 443
    permit ip any any
    exit

    [Step2: binding IP ACL to interface 1/0/6]
    interface 1/0/6
    ip access-group test in 1
    exit


    Besides: if you want to permit only packets with port=443 and deny all other packets, we need to change the IP ACL rules as below:

    permit tcp any any eq 443 
    deny ip any any


    For detailed configuration of the IP ACL function, please refer to the CLI User Manual for Managed Switches, refer to the link (page 940: IP Access Control List Commands).
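A small model of the first-match ACL evaluation described in the reply above, added here as an illustration and not code from the thread or from NETGEAR. It mirrors the two rule sets posted (deny TCP 443 then permit everything; permit only TCP 443 then deny everything), adds the implicit deny every IP ACL ends with, and treats "unblock" as removing the access-group binding from the port; the packet tuples, protocol names and the interface name 1/0/6 are constructed sample values.

```python
"""Model of first-match IP ACL behaviour for the two ACLs in the reply.

Assumptions (illustration only, not NETGEAR code):
  - 'test'    : deny tcp any any eq 443 / permit ip any any
  - 'only443' : permit tcp any any eq 443 / deny ip any any
  - an unmatched packet hits the implicit deny at the end of the ACL
  - a port with no ACL bound (the 'unblock' case) forwards everything
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str               # "permit" or "deny"
    proto: str                # "ip" matches any protocol, else "tcp"/"udp"
    dst_port: Optional[int]   # None = any destination port ("eq 443" sets 443)


@dataclass(frozen=True)
class Packet:
    proto: str
    dst_port: int


# ACL bodies as posted in the reply; source and destination are both 'any'
ACLS = {
    "test":    [Rule("deny", "tcp", 443), Rule("permit", "ip", None)],
    "only443": [Rule("permit", "tcp", 443), Rule("deny", "ip", None)],
}


def evaluate(rules, pkt):
    """First matching rule wins; no match falls through to the implicit deny."""
    for r in rules:
        if r.proto != "ip" and r.proto != pkt.proto:
            continue
        if r.dst_port is not None and r.dst_port != pkt.dst_port:
            continue
        return r.action
    return "deny"  # implicit deny at the end of every IP ACL


def filter_on_port(bindings, interface, pkt):
    """bindings maps interface -> ACL name; an unbound interface permits all."""
    acl = bindings.get(interface)
    return "permit" if acl is None else evaluate(ACLS[acl], pkt)


SAMPLE = [Packet("tcp", 443), Packet("tcp", 80), Packet("udp", 443)]  # constructed

if __name__ == "__main__":
    for state in ({"1/0/6": "test"}, {}):          # bound (blocked) vs unbound
        print(state, [filter_on_port(state, "1/0/6", p) for p in SAMPLE])
```

Note that the 'test' ACL only stops TCP to destination port 443; UDP to 443 (for example QUIC) still passes through `permit ip any any`, which the model makes visible.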

4 Replies

  •
    Retired_Member

    Hi bjmango

    Welcome to the community!

    All Netgear Fully Managed Switches support configuring an IP ACL to block specific traffic with a certain port (TCP/UDP port) per switch port by CLI command.

    For the full list of Netgear Fully Managed Switches, please refer to the link, then select Switches-->Fully Managed Switches.

    Hope it helps!

    Regards,

    EricZ
    NETGEAR employee

    •
      bjmango
      Aspirant

      Thanks EricZ, could you give me a CLI example that blocks then unblock the port 443 traffic against switch port6? Thank you very much!

