.gz · Last modified: by admin

Differences

This shows you the differences between two versions of the page.

cisco:acls:dedicated_drop_list [2026/02/13 16:06] admincisco:acls:dedicated_drop_list [2026/02/13 16:19] (current) admin
Line 1: Line 1:
 **Below is a Dedicated Drop ACL to put on your perimeter L3 device. "dirty side"**  **Below is a Dedicated Drop ACL to put on your perimeter L3 device. "dirty side"** 
  
-<code+<codeprism lang=vim title=test-codeprism
-interface GigabitEthernet0/1 +ip access-list extended DropACL 
- ip address 192.168.1.1 255.255.255.0 +permit icmp any any traceroute 
- no shutdown +permit icmp any any echo-reply 
-</code +
 +remark *******Block Routing Protocols******* 
 +deny ospf any any 
 +deny eigrp any any 
 +remark *******Block Mgmt Services******* 
 +deny udp any any eq bootpc 
 +deny udp any any eq bootps 
 +deny udp any any eq snmp 
 +deny tcp any any eq snmp 
 +deny udp any any eq syslog 
 +deny tcp any any eq syslog 
 +deny udp  any any eq snmptrap 
 +deny tcp any any eq snmptrap 
 +deny tcp any any eq telnet 
 +deny udp any any eq tftp 
 +deny tcp any any eq 22 
 +deny tcp any any eq tacacs 
 +deny udp any any eq tacacs 
 +deny tcp any any range 1812 1813 
 +deny udp any any range 1812 1813 
 +remark *******RFC1918 Spoofing******* 
 +deny ip 10.0.0.0 0.255.255.255 any 
 +deny ip 172.16.0.0 0.15.255.255 any 
 +deny ip 192.168.0.0 0.0.255.255 any 
 +remark *******RFC3330 Spoofing******* 
 +deny ip 0.0.0.0 0.255.255.255 any 
 +deny ip 127.0.0.0 0.255.255.255 any 
 +deny ip 192.0.2.0 0.0.0.255 any 
 +deny ip 169.254.0.0 0.0.255.255 any 
 +deny ip 192.88.99.0 0.0.0.255 any 
 +deny ip 198.18.0.0 0.1.255.255 any 
 +deny ip 240.0.0.0 15.255.255.255 any 
 +deny ip 255.0.0.0 0.255.255.255 any 
 +remark *******Unallocated Spoofing******* 
 +deny ip 128.0.0.0 0.0.255.255 any 
 +deny ip 191.255.0.0 0.0.255.255 any 
 +deny ip 192.0.0.0 0.0.0.255 any 
 +deny ip 223.255.255.0 0.0.0.255 any 
 +
 +remark *******Multicast Spoofing******* 
 +deny ip 224.0.0.0 31.255.255.255 any 
 +
 +remark *********************************** 
 +remark ***Allow Transit Traffic*********** 
 +permit ip any any 
 +</codeprism> 
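
Review bot: the two `permit icmp any any` entries at the top of `DropACL` are matched before any of the spoofing denies, so an echo-reply or traceroute packet with an RFC1918, loopback or multicast source is permitted and never reaches the `deny ip 10.0.0.0 0.255.255.255 any` group. Move both permits to just above `permit ip any any`, or drop them, since the final permit already passes ICMP from any source that survives the denies. In the Mgmt Services block every entry is `any any`, so `deny tcp any any eq 22`, telnet, TFTP and ports 1812-1813 are dropped for transit flows as well, which is at odds with the closing "Allow Transit Traffic" remark; if the intent is only to protect the device itself, scope the destination to its own addresses, otherwise state the intent in a remark. `deny ip 224.0.0.0 31.255.255.255 any` matches 224.0.0.0 through 255.255.255.255, which makes the earlier `240.0.0.0 15.255.255.255` and `255.0.0.0 0.255.255.255` entries redundant and is wider than the "Multicast Spoofing" remark says. The `title=test-codeprism` attribute looks like a leftover test value, and with the interface lines removed the page no longer shows which interface and direction the list is applied to.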