Blocking Services

May 11th, 2007

I have 20 users on a BO site with a 2960 layer 2 switch and a router connecting to HO.


I want to block all telnet | SSH | ping requests initiating from these 2960 switch.


What configuration is required on the switch to accomplish it?



Jon Marshall Fri, 05/11/2007 - 00:45

Hi


Do you want to restrict telnet/ssh/ping from the BO to any other office, or from the users within the BO to anywhere else, including the router in the BO?


If the first, you could use an inbound access-list on the router interface connecting to the 2960 switch.


If the second, you might need to look into VLAN access-lists.


Could you tell us which one it is?


Jon

royalblues Fri, 05/11/2007 - 00:51

Friend,


If you want to disable telnet sessions initiated from the 2960, just use the command transport output none:


line vty 0 15
 transport output none


For disabling ping, you would require an ICMP access-list applied to the gateway router / L3.


HTH, rate if it does

Narayan

Spinu Viorel Fri, 05/11/2007 - 00:49

As far as I know, if you want to block some services like ssh, telnet, icmp you have to work on upper layers, and not layer 2... so you can't do that on the switch... I would say you can configure an ACL on the router.

You have to build the ACL and then apply it on an interface, and in a direction, in or out.


Viorel
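
The two suggestions in this thread combined into one configuration, as an added example that is not from any of the posters. The switch management address 192.0.2.10, the ACL name BLOCK-SW-MGMT and the router interface FastEthernet0/0 are assumptions chosen for illustration.

```cisco
! ---- On the 2960 (layer 2 switch) ----
! Stop outbound telnet/SSH sessions from being opened by anyone
! logged in on a vty line. The console line needs the same
! setting if console users should be restricted as well.
line vty 0 15
 transport output none
line con 0
 transport output none

! ---- On the branch-office router (layer 3 gateway) ----
! Extended ACL matching traffic sourced from the switch's
! management address (192.0.2.10 is an assumed value).
ip access-list extended BLOCK-SW-MGMT
 remark Block telnet, SSH and ping sourced from the 2960
 deny   tcp host 192.0.2.10 any eq telnet
 deny   tcp host 192.0.2.10 any eq 22
 deny   icmp host 192.0.2.10 any echo
 remark Everything else is forwarded as before
 permit ip any any

! To block the same services for every host behind the switch,
! replace "host 192.0.2.10" with "any" in the three deny lines.

! Apply inbound on the interface facing the 2960 (assumed name).
! An inbound ACL here also filters packets addressed to the
! router itself, but it never sees traffic that stays inside
! the same VLAN, because that traffic is not routed.
interface FastEthernet0/0
 ip access-group BLOCK-SW-MGMT in
```

After applying it, `show access-lists BLOCK-SW-MGMT` on the router shows per-line match counters, which confirms whether the deny entries are being hit.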
