Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k
New Member

Access List

All,

I would like to block some of the port # through my 2611. The reason of some of the user got lazy and keep playing counter strike game also making the network more traffic. Thanks

3 REPLIES
New Member

Re: Access List

Hi,

CS uses UDP ports 27005 and 27015 as default. This can be changed both in the client and server to some other ports. If you apply a ACL on your router, you will also deny these ports for all traffic. Once you apply a ACL....maybe the users will change the ports to continue gaming...

How-to-ACL:

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a0080100548.shtml

Maybe you should consider to install an firewall that applies your traffic policy and stops this things.

Hops this helps a bit;

New Member

Re: Access List

Thanks for the help. I got it block port # 27005, 27015 and it work.But some of them using port 27016 and then I add a deny line in the router but some how they still can play it through 27016. Thanks

Re: Access List

As per Jonas said, to block 27005, 27015, you would have created an access list as follows...

access-list xxx deny udp .......27005

access-list xxx deny udp .....27015

access-list xxx permit ip any any - this last line to permit every thing else.....

Now when u found out abt 27016, you would have added a line to accesslist xxx, to block port 27016.

Now the access list looks like this,

access-list xxx deny udp .......27005

access-list xxx deny udp .....27015

access-list xxx permit ip any any

access-list xxx deny udp .....27016.

Every statement added, gets appended to the last of the access-list. So before the deny statement for 27016, there is a permit ip statment, because of which, users might be still able to play Counterstrike, on port 27016.

Solution : - Copy your access=list from the running - config on to a text file editor such as note pad.

Edit the access list to look as follows...

access-list xxx deny udp .......27005

access-list xxx deny udp .....27015

access-list xxx deny udp .....27016.

access-list xxx permit ip any any

The permit statement should come only last. All those which u want to deny should come first.....

Now remove access list xxx, from running config,

Router(config)# no access-list xxx

Copy and paste the edited access list to the router global config mode.

Now users should be blocked on all the 3 ports, viz 27005, 27015 and 27016

Hope that helps!

232
Views
0
Helpful
3
Replies
CreatePlease to create content