Block Port 1433 Only

[Teaguec]

I want to block port #1433 on my cisco 2501 router to inbound traffic, how do I do this? I am using ios software version 10.2 so I can't use the "any" command on the access-list.

 

[ccie9545]

I am not too sure where you got the idea that you can't use the any keyword. the correct syntax would be

access-list 101 deny tcp any eq 1433 any eq 1433
access-list 101 deny udp any eq 1433 any eq 1433
access-list 101 deny tcp any any eq 1433
access-list 101 deny udp any any eq 1433
access-list 101 permit ip any any established

you don't have to use the established keyword, and you may or may not need all of the entries depending on what you are trying to accomplish.....here is a link explaining extended access-list for IOS version 12.2

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fipras_r/1rfip1.htm#xtocid2

Erik Rudnick, CCIE No. 9545
mailto:erik@kuriosity.com

 

[Teaguec]

Thanks Erik but when typing for example "access-list 101 deny tcp any eq 1433 any eq 1433" while in config mode I receive an error that reads, "invalid input detected at marker and it points to the first character "a" in the word any. As I indicated earlier for some reason I can't use the "any" command I only assumed it was because the "any" command came out after IOS version 10.2.

 

[pmesjar]

"any" is shortcut for: 0.0.0.0 255.255.255.255 Peter Mesjar
CCNA, A+ certified
pmesjar@centrum.sk

 

[ccie9545]

oops, just got back from vacation....and reread....i thought that you said IOS version 12.2 not 10.2.....sorry about that.....but you can use 0.0.0.0 255.255.255.255 just like pmesjar stated.... Erik Rudnick, CCIE No. 9545
mailto:erik@kuriosity.com