
blocking ports

Status
Not open for further replies.

dooby12

Technical User
Jun 18, 2003
67
GB
Can someone please help and tell me how to block UDP ports 137 138 on a Cisco 2500 series router. I'm having a problem on the network where event id 8003 on a 2k server is being generated every 12 mins. I've had a look around and this seems to be the solution to block these udp ports. Someone please help? thanks
 
you will need to make an access list and apply it to the serial interface

connect to the router and enable privileged mode
type "conf t" (without quotes) at the > prompt
the > should change to a # and look something like this
router(config)#

type the following:
access-list 100 deny udp any any range 137 138
access-list 100 permit ip any any

then you will need to apply it to your serial interface
type:
int ser0 (or whatever your serial interface designation is)

then type:
ip access-group 100 in
exit
exit
copy run start

when you type: show run
your interface should look something like this

interface serial 0
ip access-group 100 in

and you should see the following
access-list 100 deny udp any any range 137 138
access-list 100 permit ip any any

*note: the router may change the 137 and 138 to the word form of the port.
obviously you will have more to your running configuration than what is shown above
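
An added example, not part of the original posts: a small first-match evaluator run over the two ACL lines from the answer above, showing which traffic they drop, that TCP 139 is untouched, and why the deny must come before `permit ip any any`. The parser, function names and sample packets are constructed for illustration; `netbios-ns` and `netbios-dgm` are the IOS word forms for ports 137 and 138 that the note above refers to.

```python
# ACL lines copied from the post; the evaluator and sample packets are
# constructed for illustration and are not Cisco code.
ACL_100 = """\
access-list 100 deny udp any any range 137 138
access-list 100 permit ip any any
"""
# Word forms a router may show in place of the numbers.
PORT_NAMES = {"netbios-ns": 137, "netbios-dgm": 138}

def parse_acl(text):
    """Parse the extended-ACL subset used in the thread:
    access-list N <action> <proto> any any [range LO HI]."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        if len(tok) < 6 or tok[0] != "access-list" or tok[4:6] != ["any", "any"]:
            raise ValueError("unsupported line: " + line)
        action, proto, rest = tok[2], tok[3], tok[6:]
        ports = None  # None = any destination port
        if rest[:1] == ["range"]:
            # The operator follows the destination, so it tests the destination port.
            lo, hi = (PORT_NAMES.get(p) or int(p) for p in rest[1:3])
            ports = range(lo, hi + 1)
        rules.append((action, proto, ports))
    return rules

def evaluate(rules, proto, dst_port):
    """First matching rule wins; no match falls to the implicit deny."""
    for action, rule_proto, ports in rules:
        if rule_proto not in ("ip", proto):
            continue
        if ports is not None and dst_port not in ports:
            continue
        return action
    return "deny"

# Constructed sample packets: (protocol, destination port, description)
SAMPLES = [("udp", 137, "NetBIOS name service"),
           ("udp", 138, "NetBIOS datagram service"),
           ("udp", 53, "DNS"),
           ("tcp", 139, "NetBIOS session service (TCP, not covered by the deny)")]

if __name__ == "__main__":
    rules = parse_acl(ACL_100)
    for proto, port, desc in SAMPLES:
        print(f"{proto}/{port:<4} {evaluate(rules, proto, port):<7} {desc}")
    # Reversed order: 'permit ip any any' matches first, so the deny never runs.
    print("reversed:", evaluate(rules[::-1], "udp", 137))
```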
 
thanks for that intelwizard, i will be trying this shortly and will let you know the results.
but i assume that instead of the serial interface i will need to add the ACL to the eth0 interface?
 
you can apply it to the serial interface or the fastethernet interface. I have acls on both. I put the "netbios" related blocks on the serial interfaces of my router as i have multiple networks directly connected to my router and i need to be able to map a drive to my servers that have ip addresses in separate networks. If I didn't need this ability, i would have put it on the fastethernet interfaces.

i could have done it on the fa int as well but i don't like to add extra permits or denies to my acls as i like to keep things as simple as possible.
 