Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
601
Views
0
Helpful
5
Replies

How To Block a Protocal at the Router?

shepperdld
Level 1
Level 1

‎02-25-2002 01:57 PM - edited ‎03-01-2019 08:37 PM

I am a little new to cisco routers and need some assistance. I would like to know if it is possible and how to block SNMP at the router. If possible please step me through the actions I will need to perform.

Thanks in advance!

Labels:
0 Helpful
5 Replies 5

rsissons
Level 5
Level 5

‎02-25-2002 06:22 PM

You block SNMP or any other IP traffic at the interface level by port number, SNMP is UDP port 161, so the command to block all SNMP traffic would be

access-list 101 deny udp any eq snmp any eq snmp

access-list 101 permit ip any any

You then apply this to the interfaces with the following command

ip access-group 101 in

See the following URL for more information on access lists

http://www.cisco.com/univercd/cc/td/doc/product/software/ios113ed/113ed_cr/secur_c/scprt3/scacls.htm

0 Helpful

shepperdld
Level 1
Level 1
In response to rsissons

‎02-26-2002 05:51 AM

I am using a 2620 router.

I am in configure, then I enter the command "ip access-group 101 in" and get an error invalid input at... referencing group.

Any suggestions?

0 Helpful

ashok_boin
Level 5
Level 5
In response to shepperdld

‎03-04-2002 10:38 AM

Hello,

Where are you are in the command modes. I think you are trying from GLOBAL configuration mode. Try it from INTERFACE configuration mode. That you can reach, let's assume for "Serial 0" then

1. conf t

2. int s0

3. ip access-group 101 in

Regards...

--Ashok.


With best regards...
Ashok
0 Helpful

o.hassairi
Level 1
Level 1
In response to ashok_boin

‎03-04-2002 11:42 PM

ASHOK , if we just remove snmp communities, then is it enough?

0 Helpful

jessdunn
Level 1
Level 1

‎03-06-2002 02:16 PM

Do you need to block SNMP from a single interface or all interfaces? Here is the command sequence:

Router>EN

Router#config t

Router(config)#ip access ex 101

Router(config-ext-nacl)#deny udp any any eq snmp

Router(config-ext-nacl)#deny udp any any eq snmptrap

Router(config-ext-nacl)#permit ip any any

now do a CTRL+Z

you should now be at this promt: Router#

Now verify your access list: sh ip acce

you should see your access list

---now to apply it to a interface----

Router#configt

Router(config)#int f1 ---or what ever interface ex. s0/0, e0/0, etc. etc.

Router(config-if)#ip acce 101 in --inbound to the interface, out is also a option if you do not want to broadcast these packets to the network segment of the attached interface..

Now do a CTRL+Z

you should now be at the Router# prompt

now type:

Router#copy run start

Destination filename [startup-config]? (just hit enter)

Building configuration...

[OK]

Now you are done, you can repeat appling the list to any other interface..

JD

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card