VLAN to default
conf t ## 1. Remove the current client ACL ## 2. Remove all interface configuration default interface GigabitEthernet0/1.[[Vlan]] ## 3. Configure a new client ACL no ip access-list extended C-[[Vlan]] ip access-list extended C-[[Vlan]] remark PERMIT CLIENT TO PBS permit ip any host [[PBS IP]] remark DENY CLIENT TELNET TO ROUTER deny tcp any host 192.168.[[Vlan]].1 eq telnet deny tcp any host 192.168.[[Vlan]].1 eq 22 remark DENY H232 AND SIP deny udp any any eq 1719 deny tcp any any eq 1720 deny tcp any any range 5060 5061 deny udp any any range 5060 5061 remark PERMIT CLIENT TO THEIR DEFAULT GATEWAY permit ip any 192.168.[[Vlan]].0 0.0.0.255 remark PERMIT DHCP permit udp any any range 67 68 remark DENY UNROUTABLE SUBNETS AND BAD PORTS deny ip 0.0.0.0 0.255.255.255 any deny ip 10.0.0.0 0.255.255.255 any deny ip 127.0.0.0 0.255.255.255 any deny ip 172.16.0.0 0.15.255.255 any deny ip any 0.0.0.0 0.255.255.255 deny ip any 10.0.0.0 0.255.255.255 deny ip any 127.0.0.0 0.255.255.255 deny ip any 172.16.0.0 0.15.255.255 deny ip any 192.168.0.0 0.0.255.255 deny tcp any any range 135 139 deny udp any any range 135 netbios-ss deny tcp any any eq 445 deny tcp any any eq 593 deny tcp any any eq 1025 deny udp any any eq 1025 deny udp any any eq 1434 deny tcp any any eq 4444 deny tcp any any eq 5000 deny udp any any eq 5000 deny tcp any any range 6660 6669 deny udp any any range 6660 6669 deny tcp any any eq 7000 remark PERMIT CLIENT TO EVERYTHING ELSE permit ip any any ## 4. Configure the interface interface Gi0/1.[[Vlan]] encapsulation dot1Q [[Vlan]] ip address 192.168.[[Vlan]].1 255.255.255.0 ip access-group C-[[Vlan]] in no ip redirects ip accounting output-packets ip flow ingress ip flow egress ip nat inside ip virtual-reassembly no ip mroute-cache ## 5. Remove the static route (srs ip route) no ip route ## 6. Save the configuration end copy run start



Vlan:
PBS IP:


Use this code to post the full script to your own page:



Use this code to post only the variables to your own page: