Access List configuration

Unanswered Question
Oct 8th, 2007
User Badges:

I am trying to block a certain host on port 80, but can't seem to get the ACL syntax correct and also can't bound it to an interface. Below is the commands that I have entered.

deny tcp host any eq 80

permit ip any any

I have also added the access group to an interface.

># int FastEthernet0/0

># ip access-group "acl name" in.

Can someone help me out.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Jon Marshall Mon, 10/08/2007 - 10:13
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN


Could you be more specific as to what you want to do.

deny tcp host x.x.x.x any eq 80

says "do not allow the host x.x.x.x to talk to any machines on port 80". Is this what you want.

deny tcp any host x.x.x.x eq 80

says "do not allow any machine to talk to host x.x.x.x on port 80.

the command

ip access-group "acl_name" in

under interface config mode should work. What happens when you do a

sh run int fa0/0

do you see the config applied ?



This Discussion