Blocking Services

Unanswered Question
May 11th, 2007
User Badges:

I have 20users on a BO site with 2960 layer2switch and router connecting to HO

I want to block all telnet | SSH | ping request initiating from these 2960 switch.

What configuration is required on the switch to accomplish it.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jon Marshall Fri, 05/11/2007 - 00:45
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN


Do you want to restrict telnet/ssh/ping from the BO to any other office or from the users within the BO to anywhere else including the router in the BO.

If the first you could use an inbound access-list on the router interface connecting to the 2960 switch.

if the seconf you might need to look into Vlan access-lists.

Could you tell us which one it is ?


royalblues Fri, 05/11/2007 - 00:51
User Badges:
  • Green, 3000 points or more


If you want to disable telnet sessions initiated from the 2960, just use the command transport output none

Line vty 0 15

transport output none.

For disabling ping, you would require an ICMP access-list applied to the gateway router /L3

HTH, rate if it does


Spinu Viorel Fri, 05/11/2007 - 00:49
User Badges:

Far as I know, if U want to block some services like ssh, telnet, icmp U have to work on upper layers, and not u can't do that on the swith...I would say u can configure ACL on the router.

U have to build the acl and then apply on a n interface, and on a direction in or out.



This Discussion