[[Client name]] ## 1. Remove the current client ACL conf t no ip access-list extended C-[[Vlan Number]] ## 2. Remove all interface configuration default interface GigabitEthernet 0/1.[[Vlan Number]] ## 3. Configure a new client ACL ip access-list extended C-[[Vlan Number]] permit ip any host [[PBS IP]] remark DENY CLIENT TELNET TO ROUTER deny tcp any host [[Gateway IP]] eq telnet deny tcp any host [[Gateway IP]] eq 22 remark DENY H232 AND SIP deny udp any any eq 1719 deny tcp any any eq 1720 deny tcp any any range 5060 5061 deny udp any any range 5060 5061 remark PERMIT CLIENT TO THEIR DEFAULT GATEWAY permit ip any [[Network IP]] 0.0.0.7 remark PERMIT DHCP permit udp any any range bootps bootpc remark DENY UNROUTABLE SUBNETS AND BAD PORTS deny ip 0.0.0.0 0.255.255.255 any deny ip 10.0.0.0 0.255.255.255 any deny ip 127.0.0.0 0.255.255.255 any deny ip 172.16.0.0 0.15.255.255 any deny ip any 0.0.0.0 0.255.255.255 deny ip any 10.0.0.0 0.255.255.255 deny ip any 127.0.0.0 0.255.255.255 deny ip any 172.16.0.0 0.15.255.255 deny ip any 192.168.0.0 0.0.255.255 deny tcp any any range 135 139 deny udp any any range 135 netbios-ss deny tcp any any eq 445 deny tcp any any eq 593 deny tcp any any eq 1025 deny udp any any eq 1025 deny udp any any eq 1434 deny tcp any any eq 4444 deny tcp any any eq 5000 deny udp any any eq 5000 deny tcp any any range 6660 6669 deny udp any any range 6660 6669 deny tcp any any eq 7000 remark PERMIT CLIENT TO EVERYTHING ELSE permit ip any any ## 4. Configure the interface interface GigabitEthernet0/1.[[Vlan Number]] encapsulation dot1Q [[Vlan Number]] ip address [[Gateway IP]] 255.255.255.248 ip access-group C-[[Vlan Number]] in no ip redirects ip accounting output-packets ip flow ingress ip flow egress no ip nat inside ip virtual-reassembly no ip mroute-cache ## 5. Configure a static route ip route [[Network IP]] 255.255.255.248 GigabitEthernet0/1.[[Vlan Number]] name [[Client name]] ***Example: ip route 203.215.158.144 255.255.255.252 GigabitEthernet0/1.118 name Alion_Financial_Markets*** ## 6. Save the configuration end copy run start



Client name:
Vlan Number:
PBS IP:
Gateway IP:
Network IP:


Use this code to post the full script to your own page:



Use this code to post only the variables to your own page: