Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

891 Router config help

Hello all,

I'm very very new to cisco IOS and could use assistance/enlightenment with it and how it works.

In comparing the 891 (IOS 15.1) firewalling/security features to that of the small business routers, how does one go about setting up the same basic firewall attributes? 

with the small business line, you have simple "enable/disable: SPI, DOS, Block WAN request, etc..."

how do you go about enabling those same simple things in this router, in particular the "Block WAN request"?

before i go getting really granular with the security, i'd like it so that if the ISP pings me, they don't get a response, and same with anyone who pings me for that matter..

Thanks in advance!


Cisco Employee

891 Router config help

Well, It is really complicated to say "Basic security". There are 2 types of Firewall that you can configure using IOS, one is CBAC and the other one (little bit more complicated) called Zone based firewall. First you need to know what services are permitted from inside to outside and from outside to inside and so on....

Here are a couple of documents that may help you to sort this out,


Zone based

If you put what services you need to allow for both directions, I may be able to give you some config so you can check it and apply it to your routers.


New Member

891 Router config help

Hey Mike,

Thanks for the response! 

I'm sorry to say but I'm very very novice with cisco and while i sorta get the point of cbac and zone based firewalls, i don't know enough at the moment to get really granular with them.

I have an 891 router which i need to put into service at home because I'm changing service providers and the new one will need the gigabit wan port.

currently i have a simple rv042 v3 router for firewall duties.  I have dhcp on it disabled because my switch (SG300) handles everything on the vlan side of things.   so as i said, the router just handles firewalling, thats it..

on the RV042, the only firewall services that are active are: SPI, DoS, and Block WAN Request.

I just want to enable those same simple things on the 891.  I figure SPI will be more involved, and i see the documentation on it is out there to follow, but i haven't seen anything on "Block WAN Request" specifically. 

I basically (for starters) just want to have it so that if someone pings the wan ip address from outside, i don't want it to respond. 

I don't need anything absolutely crazy, i just want to have the same basic, simple firewalling that the RV042 does, on my 891.

Hope that explains things better.

Thanks for your time!


New Member

891 Router config help

heres a bit of additional info to clear things up.

the following are the firewall settings on my RV042:

I haven't added any of my own access rules to the rv042, and i disabled DMZ and the 2nd WAN port because I have no use for them.

it's all really simple and it's just what i need at the moment.

I hope this further clarifies what I'm looking for.

Thanks again!

CreatePlease login to create content