Solved

Stop IP from surfing in Cisco 2620 - ATTN lrmoore

Posted on 2004-09-04
2
186 Views
Last Modified: 2012-05-05
lrmoore,

Ever since the othr tech responded to our thread, I was asked to pay to see the rest.

All the lines were added over a year 1/2 ago by Cisco tech, and yes I wanted to stop pings and it's working. We had way to many people pinging our site one year and decided to put a stop to it.

Just enter those to command lines and that will take care of it?

Thanks
Bob Ross

I'll pay you for both if I can figure out how to get in to the other one.

0
Comment
Question by:bross073097
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
2 Comments
 
LVL 79

Accepted Solution

by:
lrmoore earned 500 total points
ID: 11983876
Looks like you took care of the other question already...

Anyway, here's how to change an access-list. It is a 4-step process.
<hint> cut and paste your current acl into notepad </hint>
1. remove the acl from the interface, i.e.
   interace serial 0/0
    no ip access-group 104 in

2. delete the acl:
   no access-list 104

3. re-input the acl in the new order that you want (you did this in your notepad session with the existing acl)
  Copy the new acl in notepad
  From either telnet session or hyperTerm session, right-click and "paste to host"
  Your new access-list has been input

4. re-apply the acl to the interface
  interace serial 0/0
    ip access-group 104 in

I keep a text script handy with my acls that change once in a while. I can edit the order of the acl and add anything I want, even notes

  interace serial 0/0
    no ip access-group 104 in

  no access-list 104
  access-list 104 remark added as response to IAVA # xxxx
  access-list 104 deny tcp any any 445

  access-list 104 remark added to prevent incoming pings
  access-list 104 deny icmp any any echo
 
 access-list 104 remark added 9/5/04
  access-list 104 permit tcp any any established
 
  access-list 104 permit udp any eq domain any
  access-list 104 deny ip any any log

  interace serial 0/0
    ip access-group 104 in
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 13688745
Do you need more information?
Have you resolved this problem?
Can you close this question?
Thanks!
0

Featured Post

How our DevOps Teams Maximize Uptime

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us. Read the use case whitepaper.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

New Server 172.16.200.2  was moved from behind Router R2 f0/1 to behind router R1 int f/01 and has now address 172.16.100.2. But we want users still to be able to connected to it by old IP. How to do it ? We can used destination NAT (DNAT).  In DNAT…
The Cisco RV042 router is a popular small network interfacing device that is often used as an internet gateway. Network administrators need to get at the management interface to make settings, change passwords, etc. This access is generally done usi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question