Differences

This shows you the differences between two versions of the page.

--- cisco:acls:dedicated_drop_list [2026/02/12 18:17] – created admin
+++ cisco:acls:dedicated_drop_list [2026/02/12 18:39] (current) – admin
@@ Line 1: / Line 1: @@
 **Below is a Dedicated Drop ACL to put on your perimeter L3 device. "dirty side"**
-<code>
+<code lang="text">
-ip access-list extended DropACL
+interface GigabitEthernet0/1
-permit icmp any any traceroute
+ ip address 192.168.1.1 255.255.255.0
-permit icmp any any echo-reply
+ no shutdown
-!
+</code>
-remark *******Block Routing Protocols*******
-deny ospf any any
-deny eigrp any any
-remark *******Block Mgmt Services*******
-deny udp any any eq bootpc
-deny udp any any eq bootps
-deny udp any any eq snmp
-deny tcp any any eq snmp
-deny udp any any eq syslog
-deny tcp any any eq syslog
-deny udp  any any eq snmptrap
-deny tcp any any eq snmptrap
-deny tcp any any eq telnet
-deny udp any any eq tftp
-deny tcp any any eq 22
-deny tcp any any eq tacacs
-deny udp any any eq tacacs
-deny tcp any any range 1812 1813
-deny udp any any range 1812 1813
-remark *******RFC1918 Spoofing*******
-deny ip 10.0.0.0 0.255.255.255 any
-deny ip 172.16.0.0 0.15.255.255 any
-deny ip 192.168.0.0 0.0.255.255 any
-remark *******RFC3330 Spoofing*******
-deny ip 0.0.0.0 0.255.255.255 any
-deny ip 127.0.0.0 0.255.255.255 any
-deny ip 192.0.2.0 0.0.0.255 any
-deny ip 169.254.0.0 0.0.255.255 any
-deny ip 192.88.99.0 0.0.0.255 any
-deny ip 198.18.0.0 0.1.255.255 any
-deny ip 240.0.0.0 15.255.255.255 any
-deny ip 255.0.0.0 0.255.255.255 any
-remark *******Unallocated Spoofing*******
-deny ip 128.0.0.0 0.0.255.255 any
-deny ip 191.255.0.0 0.0.255.255 any
-deny ip 192.0.0.0 0.0.0.255 any
-deny ip 223.255.255.0 0.0.0.255 any
-!
-remark *******Multicast Spoofing*******
-deny ip 224.0.0.0 31.255.255.255 any
-!
-remark ***********************************
-remark ***Allow Transit Traffic***********
-permit ip any any
-</code>

My DokuWiki

User Tools

Site Tools

Differences

Page Tools