Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

ACL to block iTunes networking sharing on a VLAN 1

Status
Not open for further replies.
Teecee33

Teecee33

MIS
Jul 20, 2004
31
US
I want to prevent internal itunes sharing on a certain VLAN on my network. I would assume an ACL is the best way. So I found that itunes likes to use 5353 and 3689 to share people's music libraries. So I created the following ACL.

no access-list 101 remark Block Itunes network sharing
no access-list 101 deny tcp any any eq 3689
no access-list 101 remark Block Itunes network sharing
no access-list 101 deny tcp any any eq 5353
no access-list 101 permit tcp any any
no access-list 101 permit udp any any

Then I applied the ACL to my VLAN.

int vlan 55
ip access-group 101 out


After I do this, I am still able to view people's shared itunes library and play their music. I look at the port monitor on my pc, and it is connecting to their computers via port 5353. Any thoughts? I have also tried ip access-group 101 in with no luck either.

 
Sort by date Sort by votes
I think a step back needs to be taken.. Everyone here is recommending an ACL on the physical access port.. This is the unscalable solution.. Please verify your hardware supports VACL capability.. If it does, go that route. The reason I say this, the soultions presented here will only work if you apply the ACL to every port on the switch.. Why do I say everyport? What happens if the user moves to a different desk, the problem would be back.. As applying the ACL to every port could work, its not scalable as it requires much administrative overhead. Applying a VACL is an easy approach for the whole VLAN.

BuckWeet
 
Upvote 0 Downvote
It shouldn't be that hard using the int range command. Buckweet has a good point though; VACL is an easy solution and works well. However, it too has to be configured on every switch. Either one should work fine, should they not?
 
Upvote 0 Downvote
Well since 99% of my users are wireless, applying this on the access point switch and the trunked ports should do the trick for me. Thanks for all of the help.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

testman1
  • Locked
  • Question
SIP telephone ring on second call
Replies
0
Views
111
testman1
testman1
Luzbel
  • Locked
  • Question
Connecting HVAC controller to network
Replies
0
Views
144
Luzbel
Luzbel
Skip Rango
  • Locked
  • Question
how to backup cisco sg500-52p switch
Replies
1
Views
202
madwok
madwok
PThomp3344
  • Locked
  • Question
Trying to connect to Cisco Unified Controller web interface: UC520W-16U-4FXO-K9
Replies
1
Views
170
bdk76
bdk76
stanlyn
  • Locked
  • Question
HowTo Install Multiple PAP2T ATA Devices on Same Lan
Replies
3
Views
165
iggsterman
iggsterman

Part and Inventory Search

Sponsor

Back
Top