Well, you can't disable broadcasts through these ports unless you block the ports. Just remember NetBIOS traffic flows through ports 137 & 138. The new worm virus uses these ports to spread and is known to have caused a menace even with Cisco devices. I recommend using the following syntax to block ports 137 and 138. Most Cisco routers running IOS 11.2 and up support the following commands:
ip access-list extended block-ports
deny tcp any any eq 138
deny udp any any eq 138
deny tcp any any eq 137
deny udp any any eq 137
Now use the following commands on the appropriate interfaces:
ip access-group block-ports in
ip access-group block-ports out
Because of the implicit deny at the end of an access list, you will deny all traffic (an oversight, I'm sure). You need a permit statement to allow something.
Well, it's an explicit deny all at the end of each access-list, so you will need to add the following rule to allow all other traffic through: "permit ip any any".
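Added example, not part of any post in this thread: a simplified first-match model of the block-ports list, showing what it does to constructed sample traffic as posted and with "permit ip any any" appended. The function and variable names are hypothetical, and the model checks only protocol and destination port because every rule in the thread uses "any any" for addresses.

```python
# Added example: first-match evaluation of the thread's "block-ports" ACL.
# Rule tuples are (action, protocol, destination port or None for any port).
# Addresses are left out because every rule in the thread uses "any any".

POSTED_ACL = [
    ("deny", "tcp", 138),
    ("deny", "udp", 138),
    ("deny", "tcp", 137),
    ("deny", "udp", 137),
]

# Same list with the rule suggested in the replies appended.
FIXED_ACL = POSTED_ACL + [("permit", "ip", None)]


def evaluate(acl, protocol, dst_port):
    """Return (action, rule_index); rule_index is None when no rule matched."""
    for index, (action, rule_proto, rule_port) in enumerate(acl):
        proto_ok = rule_proto == "ip" or rule_proto == protocol
        port_ok = rule_port is None or rule_port == dst_port
        if proto_ok and port_ok:
            return action, index  # first matching rule wins
    # Nothing matched: the packet is dropped by the deny at the end of the list.
    return "deny", None


# Constructed sample traffic: (description, protocol, destination port).
SAMPLE_PACKETS = [
    ("NetBIOS name service", "udp", 137),
    ("NetBIOS datagram", "udp", 138),
    ("HTTP", "tcp", 80),
    ("DNS", "udp", 53),
]


def summarize(acl):
    """Map each sample packet description to the ACL's decision."""
    return {desc: evaluate(acl, proto, port)[0]
            for desc, proto, port in SAMPLE_PACKETS}


if __name__ == "__main__":
    for name, acl in (("posted", POSTED_ACL), ("fixed", FIXED_ACL)):
        print(name, summarize(acl))
```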