Typical ACLs on Edge Routers
Add the ACLs to the router. This is not a dangerous step: nothing happens until you apply an ACL on an interface or line.
configure terminal
access-list 1 remark Anti Spoof for Serial I/F
access-list 1 deny 220.127.116.11 0.0.0.7
access-list 1 deny 127.0.0.0 0.255.255.255
access-list 1 deny 10.0.0.0 0.255.255.255
access-list 1 deny 172.16.0.0 0.15.255.255
access-list 1 deny 192.168.0.0 0.0.255.255
access-list 1 permit any
access-list 2 remark Access to Admin Interface
access-list 2 permit 18.104.22.168 0.0.0.7
access-list 2 deny any
[CTRL]+[Z]
To verify the access lists:
To apply the ACL for telnet to the admin interface:
configure terminal
line vty 1 4
access-class 2 in
[CTRL]+[Z]
This does not affect session 0, only sessions 1-4. Make sure it works: first confirm that you can telnet to the vty from inside your network, then confirm that you cannot from the outside internet.
Next apply it to all vtys:
configure terminal
line vty 0 4
access-class 2 in
[CTRL]+[Z]
Retest, and make sure you can get in BEFORE you drop your current console. Now apply the anti-spoof ACL on the serial I/F. NOTE: I am guessing on the interface name.
configure terminal
interface serial 0
ip access-group 1 in
[CTRL]+[Z]
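Before applying either list, it helps to check offline which source addresses each one matches. The script below is an added example, not part of the original page: it parses the standard ACL statements shown above and evaluates a source address the way a standard ACL does (wildcard-mask comparison, first match wins, implicit deny at the end). The function names parse_acls and evaluate are this example's own.

```python
import ipaddress

# ACL statements copied from the page, one per line.
ACL_TEXT = """\
access-list 1 remark Anti Spoof for Serial I/F
access-list 1 deny 220.127.116.11 0.0.0.7
access-list 1 deny 127.0.0.0 0.255.255.255
access-list 1 deny 10.0.0.0 0.255.255.255
access-list 1 deny 172.16.0.0 0.15.255.255
access-list 1 deny 192.168.0.0 0.0.255.255
access-list 1 permit any
access-list 2 remark Access to Admin Interface
access-list 2 permit 18.104.22.168 0.0.0.7
access-list 2 deny any
"""

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_acls(text):
    """Return {acl_number: [(action, base, wildcard), ...]} in config order."""
    acls = {}
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list" or tok[2] == "remark":
            continue
        number, action = int(tok[1]), tok[2]
        if tok[3] == "any":
            base, wild = 0, 0xFFFFFFFF
        else:
            base = to_int(tok[3])
            wild = to_int(tok[4]) if len(tok) > 4 else 0
        acls.setdefault(number, []).append((action, base, wild))
    return acls

def evaluate(acls, number, source):
    """First matching entry wins; falling off the end is the implicit deny."""
    src = to_int(source)
    for action, base, wild in acls[number]:
        # Wildcard bits set to 1 are "don't care"; all other bits must match.
        if (src | wild) == (base | wild):
            return action
    return "deny"

ACLS = parse_acls(ACL_TEXT)
```

For example, evaluate(ACLS, 1, "172.31.255.1") returns "deny" while evaluate(ACLS, 1, "172.32.0.1") returns "permit", which confirms that the 0.15.255.255 wildcard covers exactly 172.16.0.0 through 172.31.255.255.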