restrict 3 ip addresses to access internet only

Jul 16th, 2007

Is there an easy way to set up a policy to restrict three source addresses to access the internet only and not the rest of the network?


They are on a switch that will trunk up to a 6509 then to a PIX.


Can this be done?

Richard Burts Mon, 07/16/2007 - 11:04
Wilson


It can be done, but it may become tedious depending on how your network is structured. You would need to configure an access list and assign it inbound on the layer 3 interface that is the default gateway for these hosts. If the 3 hosts are all in the same VLAN/same subnet then it gets a bit easier because you need only a single access list. If the hosts are spread around then you would need an access list for each host.


The access list needs to be an extended access list and could be either named access list or numbered access list. In the access list you would have explicit deny statements with the host address as the source and denying access to any address within your network (that might be a single statement or might require multiple statements depending on how your network is structured). After you deny the host source address to any internal destination then you would permit any source address to any destination.


HTH


Rick
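
The access list structure described in the reply above, as an added example that is not part of the original thread: it models first-match evaluation and renders the equivalent IOS numbered extended ACL lines. The host addresses, the RFC 1918 ranges standing in for "your network", and ACL number 101 are assumptions.

```python
import ipaddress

# Constructed sample values (assumptions, not from the thread)
RESTRICTED_HOSTS = ["10.10.20.11", "10.10.20.12", "10.10.20.13"]
INTERNAL_NETS = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
ACL_NUMBER = 101  # extended numbered ACLs use 100-199


def build_acl(hosts, internal_nets):
    """Deny each host to every internal prefix, then permit everything else."""
    rules = [("deny", ipaddress.ip_network(h + "/32"), ipaddress.ip_network(n))
             for h in hosts for n in internal_nets]
    any_net = ipaddress.ip_network("0.0.0.0/0")
    rules.append(("permit", any_net, any_net))
    return rules


def evaluate(rules, src, dst):
    """First match wins; traffic that matches no line hits the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in rules:
        if s in src_net and d in dst_net:
            return action
    return "deny"


def ios_addr(net):
    """Render a prefix in ACL form: 'any', 'host A.B.C.D', or 'net wildcard'."""
    if net.prefixlen == 0:
        return "any"
    if net.prefixlen == 32:
        return f"host {net.network_address}"
    return f"{net.network_address} {net.hostmask}"


def render_ios(rules, number=ACL_NUMBER):
    return [f"access-list {number} {a} ip {ios_addr(s)} {ios_addr(d)}"
            for a, s, d in rules]


if __name__ == "__main__":
    acl = build_acl(RESTRICTED_HOSTS, INTERNAL_NETS)
    print("\n".join(render_ios(acl)))
    # Restricted host to internal, restricted host to internet, other host to internal
    for src, dst in [("10.10.20.11", "10.1.1.5"), ("10.10.20.11", "198.51.100.7"),
                     ("10.10.20.50", "10.1.1.5")]:
        print(f"{src} -> {dst}: {evaluate(acl, src, dst)}")
```

The rendered list is applied inbound on the hosts' gateway interface with `ip access-group 101 in`. If the restricted hosts resolve names through an internal DNS server, a permit for that server has to sit above the deny lines.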

wilson_1234_2 Mon, 07/16/2007 - 11:20

Thanks Rick,


That is where I was headed.


I appreciate your input.


You're the Top Dawg now.


Here are 5 more points.
