Wednesday, August 17, 2016

Implement RFC 1918, or Deny Private IP Addresses on the Internet.




ACL to Deny Private IP:
Private IP addresses are not allowed on the Internet, so an ISP should deny traffic that arrives with a private source IP address.

Create an access list to filter private IP addresses, then apply it inbound on the interface.

Router(config)#access-list 100 deny ip 10.0.0.0 0.255.255.255 any          // Deny Class A private IP
Router(config)#access-list 100 deny ip 172.16.0.0 0.15.255.255 any         // Deny Class B private IP
Router(config)#access-list 100 deny ip 192.168.0.0 0.0.255.255 any         // Deny Class C private IP
Router(config)#access-list 100 deny ip 127.0.0.0 0.255.255.255 any         // Deny loopback IP address
Router(config)#access-list 100 deny ip 169.254.0.0 0.0.255.255 any         // Deny APIPA
Router(config)#access-list 100 deny ip 224.0.0.0 15.255.255.255 any        // Deny Class D multicast (224.0.0.0/4)
Router(config)#access-list 100 deny ip 240.0.0.0 15.255.255.255 any        // Deny Class E reserved (240.0.0.0/4); wildcard 7.255.255.255 would stop at 247.255.255.255
Router(config)#access-list 100 deny ip 255.255.255.255 0.0.0.0 any         // Deny broadcast
Router(config)#access-list 100 permit ip any any                           // Permit everything else

Router(config)#int fa0/0
Router(config-if)#ip access-group 100 in                                   // Apply the ACL to inbound traffic
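
The following Python script is an added example, not part of the original post: it evaluates source addresses against a constructed copy of the ACL using IOS wildcard-mask and first-match rules, so the list can be checked before it is applied to an interface. The function names and sample addresses are assumptions made for illustration, and the Class E entry in the copy uses wildcard 15.255.255.255 (240.0.0.0/4).

```python
import ipaddress

# Constructed copy of the ACL above; only "ip <src> <wildcard> any" and "ip any any" forms.
ACL_TEXT = """
access-list 100 deny ip 10.0.0.0 0.255.255.255 any
access-list 100 deny ip 172.16.0.0 0.15.255.255 any
access-list 100 deny ip 192.168.0.0 0.0.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 deny ip 169.254.0.0 0.0.255.255 any
access-list 100 deny ip 224.0.0.0 15.255.255.255 any
access-list 100 deny ip 240.0.0.0 15.255.255.255 any
access-list 100 deny ip 255.255.255.255 0.0.0.0 any
access-list 100 permit ip any any
"""

def parse_acl(text):
    """Return [(action, base_int, wildcard_int)], one tuple per ACL entry."""
    entries = []
    for line in text.strip().splitlines():
        tok = line.split()
        action, src = tok[2], tok[4]
        if src == "any":
            entries.append((action, 0, 0xFFFFFFFF))
        else:
            entries.append((action, int(ipaddress.IPv4Address(src)),
                            int(ipaddress.IPv4Address(tok[5]))))
    return entries

def covered_range(base, wildcard):
    """First and last address matched by a contiguous wildcard mask (dotted strings)."""
    w = int(ipaddress.IPv4Address(wildcard))
    first = int(ipaddress.IPv4Address(base)) & ~w & 0xFFFFFFFF
    return (str(ipaddress.IPv4Address(first)), str(ipaddress.IPv4Address(first | w)))

def evaluate(entries, src):
    """First-match on the source address; IOS ends every ACL with an implicit deny."""
    addr = int(ipaddress.IPv4Address(src))
    for action, base, wildcard in entries:
        # Wildcard bits set to 1 are "don't care"; every other bit must match.
        if ((addr ^ base) & ~wildcard & 0xFFFFFFFF) == 0:
            return action
    return "deny"

if __name__ == "__main__":
    acl = parse_acl(ACL_TEXT)
    # Constructed sample source addresses, including both edges of 172.16.0.0/12.
    for src in ["10.1.2.3", "172.31.255.1", "172.32.0.1", "192.168.1.1",
                "169.254.10.10", "239.1.1.1", "250.0.0.1", "8.8.8.8"]:
        print(f"{src:15} -> {evaluate(acl, src)}")
```

Calling `covered_range("240.0.0.0", "7.255.255.255")` shows why the wildcard matters: that mask ends at 247.255.255.255 and leaves 248.0.0.0 through 255.255.255.254 unmatched.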


