Blocking a Port on a Vlan 2950

[marchon1960]

Is it possible to block a particular port on a vlan, for instance say I wanted to block one user from using PCAnywhere is it possible to block that port only for that user? If this is possible please explain how.

Thanks

 

[ADB100]

If you have a 2950 running the enhanced image then you can do this with Access Control Lists (ACLs). Say you wanted to stop a user trying to telnet anywhere, you would create an ACL:

ip access-list extended Deny-Telnet
deny tcp any any eq 23
permit ip any any
!
You would then attach this to the interface in the specific direction (in this case inbound):

interface FastEthernet0/1
ip access-group Deny-Telnet in
!

Andy

 

[marchon1960]

Can you tell me if this is the enhanced Version?

Cisco Internetwork Operating System Software
IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(11)EA1, RELEASE SOFTWARE
(fc1)
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Wed 28-Aug-02 10:25 by antonino
Image text-base: 0x80010000, data-base: 0x80528000

 

[ADB100]

Below the line that reads:

cisco WS-C2950T-24 (RC32300) processor (revision J0) with 20001K bytes of memory

It should say whether it is running the enhanced image. Mine says:

Processor board ID FOC0715X2NW
Last reset from system-reset
Running Enhanced Image
24 FastEthernet/IEEE 802.3 interface(s)
2 Gigabit Ethernet/IEEE 802.3 interface(s)

With the 2950 sofware there is only a single image but the features that are enabled depend on the hardware. What is the part number of the switch? Mine is a WS-C2950T-24, this has 24 10/100 and 2 10/100/1000 ports.

Andy