Blocking Services

Unanswered Question
May 11th, 2007

I have 20users on a BO site with 2960 layer2switch and router connecting to HO

I want to block all telnet | SSH | ping request initiating from these 2960 switch.

What configuration is required on the switch to accomplish it.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jon Marshall Fri, 05/11/2007 - 00:45

Hi

Do you want to restrict telnet/ssh/ping from the BO to any other office or from the users within the BO to anywhere else including the router in the BO.

If the first you could use an inbound access-list on the router interface connecting to the 2960 switch.

if the seconf you might need to look into Vlan access-lists.

Could you tell us which one it is ?

Jon

royalblues Fri, 05/11/2007 - 00:51

Friend,

If you want to disable telnet sessions initiated from the 2960, just use the command transport output none

Line vty 0 15

transport output none.

For disabling ping, you would require an ICMP access-list applied to the gateway router /L3

HTH, rate if it does

Narayan

Spinu Viorel Fri, 05/11/2007 - 00:49

Far as I know, if U want to block some services like ssh, telnet, icmp U have to work on upper layers, and not layer2...so u can't do that on the swith...I would say u can configure ACL on the router.

U have to build the acl and then apply on a n interface, and on a direction in or out.

Viorel

Actions

This Discussion