03-23-2009 08:17 AM - edited 03-06-2019 04:45 AM
All,
I want to block ports 445 and 135 on the router going to a specific host. Will this access list yield those results if I put this access list on the router's inbound interface:
access-list deny tcp any host 11.1.5.0 0.0.0.255 eq 135
03-23-2009 08:25 AM
Hi,
The syntax of your access list is not correct. You should specify a host address after the word HOST instead of a subnet. Also, don't forget to give your ACL a name or number.
Also, this line will only block TCP to port 135, not to 445.
If your host is 11.1.5.1, your ACL will look like this:
access-list 100 deny tcp any host 11.1.5.1 eq 135
access-list 100 deny tcp any host 11.1.5.1 eq 445
access-list 100 permit ip any any
HTH,
Dario
03-23-2009 08:21 AM
Mario
It depends on where the 11.1.5.x hosts are in relation to the router interfaces. By the way, 11.1.5.0 0.0.0.255 is the /24 network and not a host as such.
11.1.5.0/24 -> fa0/0 R1 fa0/1 -> any
So in the above 11.1.5.0/24 is connected to the fa0/0 interface of R1. And all other addresses come in via fa0/1 so you would apply your access-list inbound to fa0/1.
Jon
03-23-2009 08:49 AM
Jon,
Does it matter if I apply this list on the inbound interface of the ethernet or serial?
03-23-2009 08:53 AM
Yes, it does. Looking back at the diagram in my last post, you can either
1) apply it inbound on the fa0/1 interface
or
2) apply it outbound on the fa0/0 interface.
Personally I would go with 1).
Note I have used fast ethernet interfaces as an example but the same applies to serial interfaces.
Jon
04-02-2009 07:32 AM
Thanks.
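The two answers above combined into one configuration, as an added example that is not part of any post in this thread. It assumes the topology from Jon's diagram (11.1.5.0/24 behind fa0/0, all other traffic arriving on fa0/1) and Dario's example host 11.1.5.1; the commented subnet variant is an assumption about what the original line with the wildcard mask was aiming for.

```cisco
! Extended ACL 100, as given in Dario's reply:
! drop TCP to ports 135 and 445 on the single host 11.1.5.1.
access-list 100 deny tcp any host 11.1.5.1 eq 135
access-list 100 deny tcp any host 11.1.5.1 eq 445
!
! Variant (assumption: every host in 11.1.5.0/24 should be covered).
! Omit the "host" keyword and give address + wildcard mask instead.
! These lines would have to appear before the permit line below,
! because entries are evaluated top-down and the first match wins.
! access-list 100 deny tcp any 11.1.5.0 0.0.0.255 eq 135
! access-list 100 deny tcp any 11.1.5.0 0.0.0.255 eq 445
!
! Pass everything else. Every ACL ends with an implicit "deny any",
! so without this line all other traffic would be dropped as well.
access-list 100 permit ip any any
!
! Jon's option 1: filter inbound on the interface where the
! other networks arrive, so the traffic is dropped before routing.
interface FastEthernet0/1
 ip access-group 100 in
!
! Jon's option 2 (alternative, not both): outbound on the
! interface facing 11.1.5.0/24.
! interface FastEthernet0/0
!  ip access-group 100 out
!
! Verification from exec mode:
!   show access-lists 100               (per-entry match counters)
!   show ip interface FastEthernet0/1   (shows which ACL is bound inbound)
```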