mr_mpz
asked on
Block a Port&Connection in Cisco Router 2611 XM
Hi,
I have a Cisco 2611 XM router as a gateway; my internet line is connected to the serial port.
1) When I run the instruction below, a connection is LOCAL with IP 66.241.243.150.
What is this connection? I want to block this connection because with this connection my speed is low. What is the solution for blocking these connections?
2) I want to monitor packets on the router (debugging). What is the necessary instruction?
gateway# sh ip cache flow
........
........
........
SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts
Se0/0 64.187.54.110 Fa0/0 217.219.200.y 06 0050 88DA 28
Se0/0 216.109.127.60 Fa0/0 217.219.200.y 06 01BB 04D4 5
.
.
.
Se0/0 66.241.243.150 Local 217.219.200.x 01 0000 0800 1502
.
.
.
Se0/0 66.241.243.150 Local 217.219.200.x 01 0000 0000 12K
Se0/0 64.142.56.136 Fa0/0 217.219.200.y 06 194D 0437 16
.
.
.
Se0/0 217.219.14.176 Null 217.219.200.y 06 1380 0087 1
Se0/0 217.219.14.176 Local 217.219.200.x 06 1381 0087 1
Se0/0 217.219.14.176 Null 217.219.200.z 06 1383 0087 1
gateway#sh ru
Building configuration...
Current configuration : 1995 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Gateway
!
enable secret 5 $1$KNe4$Vqnz4u1nsqs.3oxqYH QUk0
enable password 7 082C5C540813
!
no ip subnet-zero
!
!
ip domain-name test.com
ip name-server 192.9.9.3
ip name-server 62.32.32.26
!
!
!
!
interface FastEthernet0/0
ip address 217.219.200.x 255.255.255.252
speed auto
full-duplex
no cdp enable
!
interface Serial0/0
ip unnumbered FastEthernet0/0
ip access-group 100 in
ip access-group 100 out
encapsulation ppp
ip route-cache flow
no keepalive
no fair-queue
no cdp enable
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
no cdp enable
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0
no ip http server
ip pim bidir-enable
!
ip access-list logging interval 5000
!
access-list 100 deny icmp any any
access-list 100 deny udp any any eq netbios-ns
access-list 100 deny udp any any eq netbios-ss
access-list 100 deny udp any any eq ntp
access-list 100 deny udp any any eq 2048
access-list 100 deny udp any any eq 0
access-list 100 deny udp any any eq 8998
access-list 100 deny udp any any eq tftp
access-list 100 deny udp any any eq 135
access-list 100 deny udp any any eq 445
access-list 100 deny udp any any eq 4444
access-list 100 deny tcp any any eq 2048
access-list 100 deny tcp any any eq 0
access-list 100 deny tcp any any eq 139
access-list 100 deny tcp any any eq 4444
access-list 100 permit ip any any
access-list 101 deny tcp any eq 0 any
access-list 101 deny tcp any any eq 0
access-list 101 deny tcp any eq 2048 any
access-list 101 deny tcp any any eq 2048
access-list 101 permit ip any any
access-list 102 deny ip host 66.241.243.150 any
access-list 102 deny ip any host 66.241.243.150
access-list 102 permit ip any any
no cdp run
snmp-server community public RO
!
line con 0
password 7 060B1F3B4D44
login
line aux 0
line vty 0 4
password 7 082C5C540813
login
!
!
end
thanks
Hi,
Debugging packets is very processor-intensive. If all you are looking for is source and destination addresses and the number of packets, then turn on IP accounting on the out interface.
conf t
interface FastEthernet0/0
ip accounting output-packets
end
show ip accounting
The example's one or another - not both.
The memory on your router isn't going to keep very much history; consider using a syslog server somewhere to capture all the output.
http://www.kiwisyslog.com/ is a free one for windoze
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.
I will leave the following recommendation for this question in the Cleanup topic area:
Accept: chicagoan {http:#10361147}
Any objections should be posted here in the next 4 days. After that time, the question will be closed.
grblades
EE Cleanup Volunteer
conf t
interface Serial0/0
ip access-group 102 in
There is an error in your config where the same access-list is applied both in and out.
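
Added example (not part of the original thread): a Python sketch that decodes the rows of the "sh ip cache flow" output posted in the question. It assumes the usual IOS flow-cache layout, where Pr, SrcP and DstP are hexadecimal and, for ICMP, DstP carries the type in the high byte and the code in the low byte; the function names are this example's own.

```python
import re

# Sample input: rows copied from the "sh ip cache flow" output in the question.
SAMPLE = """\
SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts
Se0/0 64.187.54.110 Fa0/0 217.219.200.y 06 0050 88DA 28
Se0/0 66.241.243.150 Local 217.219.200.x 01 0000 0800 1502
Se0/0 66.241.243.150 Local 217.219.200.x 01 0000 0000 12K
Se0/0 217.219.14.176 Null 217.219.200.y 06 1380 0087 1
"""
PROTOCOLS = {1: "icmp", 6: "tcp", 17: "udp"}
ICMP_TYPES = {0: "echo-reply", 3: "unreachable", 8: "echo-request", 11: "time-exceeded"}
SUFFIX = {"K": 1_000, "M": 1_000_000}

def parse_pkts(text):
    """Large counters are abbreviated by the router (e.g. '12K'), so this is approximate."""
    if text[-1] in SUFFIX:
        return int(float(text[:-1]) * SUFFIX[text[-1]])
    return int(text)

def decode_flows(output):
    """Turn flow-cache rows into dicts with decimal ports or ICMP type/code."""
    flows = []
    for line in output.splitlines():
        f = line.split()
        # Skip the header, filler dots and anything that is not an 8-column flow row
        if len(f) != 8 or not re.fullmatch(r"[0-9A-Fa-f]{2}", f[4]):
            continue
        proto, sport, dport = int(f[4], 16), int(f[5], 16), int(f[6], 16)
        flow = {"src_if": f[0], "src": f[1], "dst_if": f[2], "dst": f[3],
                "proto": PROTOCOLS.get(proto, str(proto)), "pkts": parse_pkts(f[7])}
        if proto == 1:
            # ICMP has no ports: DstP = (type << 8) | code
            itype, code = dport >> 8, dport & 0xFF
            flow["detail"] = f"{ICMP_TYPES.get(itype, 'type ' + str(itype))} code {code}"
        else:
            flow["detail"] = f"{sport} -> {dport}"
        flows.append(flow)
    return flows

def top_local_talkers(flows):
    """Sum packets per (source, protocol) for flows addressed to the router itself."""
    totals = {}
    for fl in flows:
        if fl["dst_if"] == "Local":
            key = (fl["src"], fl["proto"])
            totals[key] = totals.get(key, 0) + fl["pkts"]
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)

if __name__ == "__main__":
    print(top_local_talkers(decode_flows(SAMPLE)))
```

Decoded this way, the two 66.241.243.150 rows are ICMP echo-request and echo-reply flows whose destination interface is Local, meaning they are addressed to the router's own address rather than forwarded.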