
Blocking Ports on Cisco Router

okoroji80
Level 1

Dear Support Team,

Kindly help with a guide on how to block the following ports on a Cisco router:

80 (HTTP)

20 (FTP)

21 (FTP)

530 (RPC)


Hello

One crude method is to use a simple ACL to accomplish this:

access-list 100 deny   tcp any any eq www

access-list 100 deny   tcp any any eq ftp

access-list 100 deny   tcp any any eq ftp-data

access-list 100 deny   tcp any any eq 530

access-list 100 deny   udp any any eq 530

access-list 100 permit ip any any

int xx
ip access-group 100 in
ip access-group 100 out

res

Paul

Please don't forget to rate any posts that have been helpful.

Thanks.



Thanks Paul.

However, in applying the ACL to the interface, should it be In or Out?

Hi,

It all depends on where the services that you want to block are located and whether you have specified these ports as source or destination in your ACL. Don't forget that outbound ACLs don't filter traffic generated by the router but that inbound ACLs do, so you should also be more specific in your ACL, but as Paul did not have enough information he provided a "catch-all" ACL.

Regards

Alain

Don't forget to rate helpful posts.


Hello Alain,

Basically the traffic is INBOUND. That is, the restriction would be on the inbound traffic coming into the corporate network.

Hi,

Then you can apply Paul's ACL inbound on your WAN interface if your services are on your corporate LAN.

Regards

Alain

Don't forget to rate helpful posts.
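
Added example (not part of any reply in this thread): a small Python model of first-match ACL evaluation, using the entries of ACL 100 as posted above, to show how the in/out choice and destination-port matching decide what is dropped. The packet values and the assumption that the ACL is bound to the WAN interface are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str          # "tcp" or "udp"
    dport: int          # destination port
    sport: int = 40000  # source port (constructed ephemeral value)

# ACL 100 as posted in the thread: (action, protocol, destination port)
ACL_100 = [
    ("deny", "tcp", 80),      # eq www
    ("deny", "tcp", 21),      # eq ftp
    ("deny", "tcp", 20),      # eq ftp-data
    ("deny", "tcp", 530),
    ("deny", "udp", 530),
    ("permit", "ip", None),   # permit ip any any
]

def evaluate(acl, pkt):
    """First matching entry wins; falling off the end is the implicit deny."""
    for action, proto, dport in acl:
        if proto in ("ip", pkt.proto) and dport in (None, pkt.dport):
            return action
    return "deny"

def wan_decision(pkt, direction, applied, router_originated=False):
    """Model `ip access-group 100 in|out` on one interface (assumed: the WAN side)."""
    if direction not in applied:
        return "permit"       # no ACL bound in this direction
    if direction == "out" and router_originated:
        return "permit"       # outbound ACLs skip router-generated traffic
    return evaluate(ACL_100, pkt)

if __name__ == "__main__":
    cases = [  # constructed sample packets
        ("Internet -> LAN web server", Packet("tcp", 80), "in"),
        ("web reply -> LAN client", Packet("tcp", 51000, sport=80), "in"),
        ("LAN client -> Internet web", Packet("tcp", 80), "out"),
    ]
    for applied in ({"in"}, {"in", "out"}):
        for name, pkt, direction in cases:
            print(sorted(applied), name, wan_decision(pkt, direction, applied))
```

Bound inbound only, the ACL drops new connections to the listed ports while replies to LAN clients (source port 80, ephemeral destination port) still pass. Bound in both directions, it also drops the LAN users' own outbound web and FTP sessions.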
