Thanks everyone for helping out. I think Jason's suggestion along with the
permit any/any line is probably the way to go for us. So basically, I will
have the following:
access-list 101 deny udp any 195.50.79.0 0.0.0.255 range 137 139
access-list 101 deny tcp any 195.50.79.0 0.0.0.255 range 137 139
access-list 101 permit ip any any
Then, I will type the following:
> en
# config terminal
(config) int Hssi1/0
(config-if) ip access-group 101 in
I'm assumming I need the "in" part because the default appears to be out on
the test router I am experimenting on and I want this to apply to incoming
traffic. Is this correct?
Thx again,
Scott
"J Roysdon" <[EMAIL PROTECTED]> wrote in message
946a0p$7vo$[EMAIL PROTECTED]">news:946a0p$7vo$[EMAIL PROTECTED]...
> Remember, the fewer lines an ACL is, the faster it is parsed, the faster
> packets pass:
> access-list 101 deny udp any 195.50.79.0 0.0.0.255 range 137 139
> access-list 101 deny tcp any 195.50.79.0 0.0.0.255 range 137 139
>
> --
> Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
> List email: [EMAIL PROTECTED]
> Homepage: http://jason.artoo.net/
> Cisco resources: http://r2cisco.artoo.net/
>
>
> "John Starta" <[EMAIL PROTECTED]> wrote in message
> 5.0.2.1.2.20010117135118.037b0d10@popcorn">news:5.0.2.1.2.20010117135118.037b0d10@popcorn...
> > Scott,
> >
> > The following example will block the full suite of NetBios inbound to
you
> > (presumably 195.50.79.0/24). This is not a complete ACL -- it will be
> > necessary to either specifically allow the traffic you desire inbound,
or
> > add another line to the bottom (currently commented out) permitting
> > everything else.
> >
> > access-list 101 deny udp any 195.50.79.0 0.0.0.255 eq netbios-dgm
> > access-list 101 deny udp any 195.50.79.0 0.0.0.255 eq netbios-ns
> > access-list 101 deny udp any 195.50.79.0 0.0.0.255 eq netbios-ss
> > access-list 101 deny tcp any 195.50.79.0 0.0.0.255 eq 137
> > access-list 101 deny tcp any 195.50.79.0 0.0.0.255 eq 138
> > access-list 101 deny tcp any 195.50.79.0 0.0.0.255 eq 139
> > ! access-list 101 permit ip any any
> >
> > jas
> >
> > At 07:35 PM 1/17/01 +0000, Scott S. wrote:
> > >Our WatchGuard FireBox seems to be getting overloaded by the number of
> > >NetBios packets it is denying. We are thinking that it might be a good
> idea
> > >of blocking these at our router instead. It is a Cisco 7200 with a
> pretty
> > >light load. Does this sound like a sensible idea? If so I was
thinking
> the
> > >following rule would be appropriate:
> > >
> > >access-list 101 deny any 195.50.79.0 eq 137
> > >
> > >
> > >Is this correct, or am I way off?
> > >
> > >
> > >Thanks in advance for any replies.
> > >
> > >
> > >Sincerely,
> > >
> > >Scott
> > >
> >
>
>
> _________________________________
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
