Harden internet router

Unanswered Question


I want to harden my internet router.

Any link on this.

I cheked few links and find out that RFC 1918,3380 address to be blocked on externla int.

There is one entry like

access-list 101 deny ip host any


access-list 101 deny ip host

What is this host in the command.My internet router or something else.What should I use here..

And how these acl will work?



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Jon Marshall Mon, 03/02/2009 - 02:39
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN


host & host are host addresses you should never see so you are safe to deny them.

There are some very good papers on hardening devices, have a look at these two

1) Cisco document on hardening routers


2) A non-Cisco doc from the sans.org website.



Leo Laohoo Mon, 03/02/2009 - 13:56
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 LAN, Wireless

Hey Jon,

Thanks for the link. Check out this proviso: "Reposting is not permited without express written permission."

He he he ...

ronald.ramzy Mon, 03/02/2009 - 22:03
User Badges:


Can Someone help on how to harden or secure Switch which is connected to Internet.

Multiple ISP links are terminated on the switch...


This Discussion