Well, that "permit ip any any" would pretty much do that. Usually (in this
type of scenario), what you do is figure out what you want to deny and then
permit the rest.
Any other security concerns, or specific needs would really depend on your
network design, and treated on a case-by-case basis...
On the other hand, if you're interested, I'd be happy to consult with you on
this and either work on your network or train you to do so. :)
Scott Morris, MCSE, CCDP, CCIE2 (R&S/ISP-Dial) #4713, CCNA-WAN Switching,
Security Specialization, Cable Communications Specialist
CCSI #21903
swm@emanon.com
-----Original Message-----
From: Tejal Shah [mailto:tejal.shah@surat.iqara.net]
Sent: Monday, March 11, 2002 8:49 AM
To: isp-cable@isp-cable.com
Cc: isp-cable@isp-cable.com
Subject: Re: RE: CISCO CMTS question ? ? ? ?
Thanks Scott.
If i want to stop any kind of access between the client and
permit only internet access how can i do it? ? ?
Tejal
----- Original Message -----
From: "Scott Morris" <swm@emanon.com>
Date: Monday, March 11, 2002 7:10 pm
Subject: RE: CISCO CMTS question ? ? ? ?
> access-list 101 deny icmp 24.16.16.0 0.0.0.255
> 24.16.16.0 0.0.0.255
> access-list 101 permit ip any any
>
> int cable 3/0
> ip access-group 101 out
>
> Or something along those lines, adjusted for your own
> IP subnets, and other
> security concerns!
>
> Scott
>
>
> -----Original Message-----
> From: Tejal Shah [mailto:tejal.shah@surat.iqara.net]
> Sent: Monday, March 11, 2002 7:34 AM
> To: isp-cable@isp-cable.com
> Subject: CISCO CMTS question ? ? ? ?
>
>
> Hi all,
>
> we have cisco CMTS ubr 7246VXR.
> How can i block my client to ping each other???
> As of now all of my client able to pin each other.
>
> thanks in advance
>
> Tejal
>
>
> Go To http://www.iqara.net
>
>
>
>
> _____________ The ISP-CABLE Discussion List
> ____________To Join: mailto:join-isp-cable@isp-cable.com
> To Remove: mailto:remove-isp-cable@isp-cable.com
> Archives: http://isp-lists.isp-planet.com/isp-cabl
>
>
>
>
> _____________ The ISP-CABLE Discussion List
> ____________To Join: mailto:join-isp-cable@isp-cable.com
> To Remove: mailto:remove-isp-cable@isp-cable.com
> Archives: http://isp-lists.isp-planet.com/isp-cabl
>
Go To http://www.iqara.net
_____________ The ISP-CABLE Discussion List ____________
To Join: mailto:join-isp-cable@isp-cable.com
To Remove: mailto:remove-isp-cable@isp-cable.com
Archives: http://isp-lists.isp-planet.com/isp-cable/archives/
This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:13:07 EDT