I want to prevent internal iTunes sharing on a certain VLAN on my network. I would assume an ACL is the best way. So I found that iTunes likes to use 5353 and 3689 to share people's music libraries. So I created the following ACL.
no access-list 101 remark Block Itunes network sharing
no access-list 101 deny tcp any any eq 3689
no access-list 101 remark Block Itunes network sharing
no access-list 101 deny tcp any any eq 5353
no access-list 101 permit tcp any any
no access-list 101 permit udp any any
Then I applied the ACL to my VLAN.
int vlan 55
ip access-group 101 out
After I do this, I am still able to view people's shared iTunes library and play their music. I look at the port monitor on my PC, and it is connecting to their computers via port 5353. Any thoughts? I have also tried ip access-group 101 in with no luck either.