08-26-2003 04:53 AM - edited 03-02-2019 09:53 AM
I am trying to contain the Blaster/Nachi worm with an access list. My router is getting hammered, and I would like to block the ports before it gets to the router, but all I have is WS-C2924C-XL-EN, WS-5000, WS-1924-EN, WS-2980G's. The 5000 has no routing capabilities, so I set a 2924 up before the traffic hits the router and used access lists on it, but it is only catching very few of them. Am I missing something, or where can I find out what switches support access lists? Thanks for your help.
08-26-2003 04:56 AM
What does your ACL look like and how is it applied?
08-26-2003 05:31 AM
access-list 115 deny icmp any any echo
access-list 115 deny icmp any any echo-reply
access-list 115 deny udp any any eq 69
access-list 115 deny tcp any any eq 135
access-list 115 deny udp any any eq 135
access-list 115 deny tcp any any eq 137
access-list 115 deny udp any any eq 137
access-list 115 deny tcp any any eq 138
access-list 115 deny udp any any eq 138
access-list 115 deny tcp any any eq 139
access-list 115 deny udp any any eq 139
access-list 115 deny tcp any any eq 445
access-list 115 deny tcp any any eq 593
access-list 115 deny udp any any eq 593
access-list 115 deny tcp any any eq 707
access-list 115 deny tcp any any eq 4444
access-list 115 permit ip any any
int vlan 1
no ip unreachables
ip access-group 115 in
ip access-group 115 out
08-26-2003 05:53 AM
2900 XL series switches do not support ACLs.
Please refer to the following conversation:
Title: ACL on 2924
Regards,
Rajesh