bluepet
asked on
Ingress filtering how to setup?
What is the command to configure ingress filtering for Cisco router?
Let say your internal network IP is
131.144.4.0
WAN--se0/0----router----et h0/0--- LAN 131.144.4.0
Let say your internal network IP is
131.144.4.0
WAN--se0/0----router----et
It depends on what you are trying to filter. The "access-list" command will allow you to set both standard and extended access lists on the router.
ASKER
Ah I just found out how
ingress filtering is done in all new cisco routers
sh run
...
no ip directed-broadcast
...
for 3Com it's
setd -ip cont=nofwdSubnetBcast
..
engress filtering on the other hand is as follow
# config t
config# access-list extended permit ip 131.144.4.0 0.0.0.255 any
config# access-list extended deny ip any any
then configure for access group at interface eth0
config# int eth0
config if# ip access-group 100 in
:)
I however still have no idea about how to do engress filtering for 3com...
can someone help here..
ingress filtering is done in all new cisco routers
sh run
...
no ip directed-broadcast
...
for 3Com it's
setd -ip cont=nofwdSubnetBcast
..
engress filtering on the other hand is as follow
# config t
config# access-list extended permit ip 131.144.4.0 0.0.0.255 any
config# access-list extended deny ip any any
then configure for access group at interface eth0
config# int eth0
config if# ip access-group 100 in
:)
I however still have no idea about how to do engress filtering for 3com...
can someone help here..
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Oops, just noticed that you actually had provided the external interface and the public ip addresses. The example should then read:
router(config)#access-list 11 deny 131.144.4.0 0.0.0.255 (assuming a class C network)
router(config)#access-list 11 deny 10.0.0.0 0.255.255.255
router(config)#access-list 11 deny 127.0.0.0 0.255.255.255
router(config)#access-list 11 deny 172.16.0.0 0.15.255.255
router(config)#access-list 11 deny 192.168.0.0 0.0.255.255
router(config)#access-list 11 deny 224.0.0.0 15.255.255.255
router(config)#access-list 11 deny host 0.0.0.0
router(config)#int s0/0
router(config-if)# ip access group 11 in
router(config)#access-list
router(config)#access-list
router(config)#access-list
router(config)#access-list
router(config)#access-list
router(config)#access-list
router(config)#access-list
router(config)#int s0/0
router(config-if)# ip access group 11 in
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Hey people,
No comment has been added in roughly 2 years, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question
be PAQ'd and pts split between Irmoore, svindler and jwalsh88.
Please leave any comments here within the next seven days.
PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!
Zenlion420
EE Page Editor
No comment has been added in roughly 2 years, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question
be PAQ'd and pts split between Irmoore, svindler and jwalsh88.
Please leave any comments here within the next seven days.
PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!
Zenlion420
EE Page Editor