1. create a access-list and apply to line con so that no one can telnet or ssh to your router except the permitted IP's or network in that access-list. 2. define a extened access-list which all networks you want allow and at the end you can deny any any. 3. Disable http server. 4. Use SNMP server feature if you have SNMP enabled on your router.
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Have an external interface input ACL that blocks all traffic to the interface's IP (except for routing or other known/approved traffic to the interface's IP). (I.e. external traffic with interface's IP as destination)
Extend the ACL to control what traffic you allow to transit the interface, inbound, or firewall rules and/or NAT.
I would suggest you can use either 1] Reflexive access-lists 2] Context Based access-lists or 3] Zone based firewall solution. (depending on complexity)
In case of zone based solution you can inspect the tcp,udp,ip,icmp traffic as required or allow the selected traffic just to pass without inspection, etc. Only return traffic is allowed that was generated Inside or on router. All the traffic originating outside will be dropped by default except if you specify.
We are pleased to announce availability of Beta software for 16.6.3. 16.6.3 will be the second rebuild on the 16.6 release train targeted towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are looking for early feedback from custome...