Block Traffic from Specific IP

Unanswered Question
Nov 6th, 2007

Hi,


I have a Cisco 871 Router and I have it configured with the following IP range.

Cisco IP: 10.10.10.1

Subnet: 255.255.255.248

Gateway: 10.10.10.1


The clients use these settings

IP: 10.10.10.2 thru 10.10.10.6

GW: 10.10.10.1


I have a Wireless router whose WAN IP is 10.10.10.6 and LAN is set to 192.168.0.0 network. I want any device connected on the 192.168.0.0 network to not be able to access my 10. network.


How can I configure my Cisco to accomplish this?


Thanks,

Mandeep

intelide3 Tue, 11/06/2007 - 16:09

Hi,


If you don't need any other network connectivity, then just don't add a default gateway for the 192.168.0.0 network.


HTH.

mskhalsa Tue, 11/06/2007 - 16:33

@intelide3


I can do that but I also should mention that I do want 192.168.0.0 network to be able to access the WAN (through the 10. network).


@uubozou11

I am trying to do this with ACL but apparently I am not entering the correct settings.

I have this

access-list 100 deny tcp 192.168.0.0 10.10.10.0 log


Thanks

intelide3 Wed, 11/07/2007 - 22:11

Hi,


First we need to be clear whether the wireless router performs NAT or routing.


By performing NAT (PAT), your 192.168.0 subnet will look like a 10. IP, so it can't be blocked from entering the 10.0 subnet (or the switch).


By routing: if that 192.168.0 subnet does not use a default gateway (IP 10.x.x.x, the wireless router) for that 192.168.0.0 subnet, you will not be able to go to the 10. network, hence you can't reach the internet.


You can't block the wireless 10.x.x.x IP itself from entering your 10. subnet switch, but you can block it from entering the internet using a basic standard extended ACL.


HTH.


pls rate :)
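
Added example, not part of any post in this thread: a short Python check of the NAT-versus-routing point made above, which also renders an extended ACL line with the source and destination wildcard masks that the line posted earlier leaves out. It assumes the wireless LAN is 192.168.0.0/24 and that the wireless router's WAN port shares one switched segment with the 10.10.10.x clients; the function names and the sample flows are constructed for illustration.

```python
import ipaddress

# Addresses from the thread. The /24 for the wireless LAN is an assumption
# (the thread only says "192.168.0.0 network").
CISCO_LAN = ipaddress.ip_network("10.10.10.0/29")    # mask 255.255.255.248
CISCO_GW = ipaddress.ip_address("10.10.10.1")
WIRELESS_WAN = ipaddress.ip_address("10.10.10.6")
WIRELESS_LAN = ipaddress.ip_network("192.168.0.0/24")


def acl_entry(number, action, proto, src_net, dst_net):
    """Render an IOS extended ACL line, including both wildcard masks."""
    return "access-list {} {} {} {} {} {} {} log".format(
        number, action, proto,
        src_net.network_address, src_net.hostmask,
        dst_net.network_address, dst_net.hostmask)


def classify(client, dst, nat):
    """Say whether an ACL on the Cisco could match a wireless client's flow.

    Assumes the wireless router's WAN port and the 10.10.10.x clients share
    one switched segment, so on-link traffic never reaches the Cisco's
    routed interface.
    """
    dst = ipaddress.ip_address(dst)
    # With NAT/PAT every wireless client appears as the router's WAN address.
    src = WIRELESS_WAN if nat else ipaddress.ip_address(client)
    if dst in CISCO_LAN and dst != CISCO_GW:
        return src, "on-link, bypasses the Cisco"
    if src in WIRELESS_LAN:
        return src, "via Cisco, 192.168.0.x source visible"
    return src, "via Cisco, only 10.10.10.6 visible"


if __name__ == "__main__":
    print(acl_entry(100, "deny", "tcp", WIRELESS_LAN, CISCO_LAN))
    # Constructed sample flows: one LAN client and one Internet address.
    for nat in (True, False):
        for dst in ("10.10.10.3", "198.51.100.10"):
            src, verdict = classify("192.168.0.20", dst, nat)
            print(f"nat={nat!s:5} {src} -> {dst}: {verdict}")
```

In both modes the flow to 10.10.10.3 is delivered on the shared segment without crossing the Cisco's routed interface, so an ACL there never evaluates it, whatever masks it carries.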

mskhalsa Fri, 11/09/2007 - 09:04

intelide3


Yes, my router is set up to use NAT, and though I am understanding most of what you are saying, I am still looking for a viable option, even if that means I have to get away from NAT and go to routing.


Basically, the 192.x.x.x network should only be able to access the internet using 10.10.10.1 as its gateway but still be blocked from everything else on the 10.10.10.x network.


I am confused about how to achieve this, but if it's not possible then I guess I will still survive!


Thanks,

Mandeep
