Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Port closing

This is probably pretty easy to most of you but I am new to this so here goes. I have a Cisco 2600 that I would like to close some incoming and outgoing ports on. Is there a simple command to do this? Specifically I am wanting to close port 1433 and a couple of others. Thanks in advance. I have IOS version 12.0<8>.

4 REPLIES
Silver

Re: Port closing

access-list 101 deny tcp any any eq 1433

access-list 101 deny udp any any eq 1433

access-list 101 permit ip any any

int e0

ip access-group 101 in

New Member

Re: Port closing

What do the last two lines do? When I type in "int e0" I get an error stating incomplete command. FYI, my router uses an internal ISDN modem for its connection. Thanks again.

Silver

Re: Port closing

I am sorry , I was just using an ethernet as an example.

you would apply the ACL to the interface you wish ,

if you want to apply to a serial it would be

router#(conf)int serial 0

router#(conf-if)ip access-group 101 in

if it is a bri it would be

router#(conf)int serial 0

router#(conf-if)ip access-group 101 in

New Member

Re: Port closing

My interface is called Dialer1. I copied some of the config. What I added is at the bottom. I am wanting to block this port coming in and going out. Does this look correct. Again, thanks for your help.

ip route 0.0.0.0 0.0.0.0 Dialer1

ip route 172.16.0.0 255.255.0.0 192.168.0.4 permanent

ip route xxxxxxxxxx 255.255.255.0 192.168.0.5

ip route 192.168.1.0 255.255.255.0 192.168.0.5

ip route 192.168.2.0 255.255.255.0 192.168.0.5

ip route 192.168.4.0 255.255.255.0 192.168.0.5

ip http server

!

access-list 101 deny ip 192.168.0.0 0.0.255.255 128.121.0.0 0.0.255.255

access-list 101 permit ip 192.168.0.0 0.0.255.255 any

access-list 101 permit ip 172.16.0.0 0.0.255.255 any

access-list 101 deny tcp any any eq 1433

access-list 101 deny udp any any eq 1433

access-list 101 permit ip any any

dialer-list 1 protocol ip permit

!

line con 0

transport input none

line aux 0

line vty 0 4

password support

login

!

no scheduler allocate

end

297
Views
0
Helpful
4
Replies