Problems with access-list

Unanswered Question
Mar 24th, 2008

I am a very new user of Cisco routers, but I have a small plain addressed ( network on which I want to permit the primary 10 users to access the Internet, deny Internet to another 80, and give the rest Internet access as well. How can I construct an access-list to get those results?

Justin Brenton Mon, 03/24/2008 - 18:41

Hi cqoax_telcom,

This would depend on the IP addresses that are in play. If you have a range of IP addresses you wish to permit or deny, then you could do this in 2 ACL statements. 2 ACLs for the range to allow and, as you may or may not know, at the end of an ACL, if nothing matches, it will deny unmatched entries.

I.E. #access-list 10 deny

This example is list number 10, which denies

then you would assign it to the interface

# int e1

#ip access-group 10 out|in - depending on whether you want to deny incoming or outgoing traffic. You would use this same pattern to permit traffic; just replace deny with permit.

Otherwise you would have to do each entry or try to find as many IPs in a range.

To deny by individual host:

#access-list 10 deny host

then you would assign it to the interface

# int e1

#ip access-group 10 out|in

You can also use extended ACLs to block by TCP port if you like.


Please rate.
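
Added example, not part of the original posts: a Python sketch of how a standard ACL is evaluated (first match wins, implicit deny at the end) and why a block of 80 consecutive hosts needs several address/wildcard entries rather than one. It assumes Cisco IOS standard ACL syntax and a constructed network, 192.168.1.0/24, with the 80 denied users on .11 to .90; the thread does not give the real addresses.

```python
import ipaddress

def range_to_entries(action, first, last):
    """Cover first..last with (action, address, wildcard) entries, the form
    used in 'access-list N <action> <address> <wildcard>'."""
    nets = ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last))
    return [(action, str(n.network_address), str(n.hostmask)) for n in nets]

def evaluate(acl, source):
    """First matching entry wins; if nothing matches, the implicit deny applies."""
    src = int(ipaddress.ip_address(source))
    for action, addr, wildcard in acl:
        # Wildcard bits set to 1 are "don't care"; compare only the other bits.
        care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
        if (src & care) == (int(ipaddress.ip_address(addr)) & care):
            return action
    return "deny"

def build_acl():
    # Constructed addressing (assumption): LAN 192.168.1.0/24, blocked users .11-.90.
    # Only the denied range needs explicit entries; the closing permit covers
    # the first 10 users and everyone above .90 because the denies come first.
    acl = range_to_entries("deny", "192.168.1.11", "192.168.1.90")
    acl.append(("permit", "192.168.1.0", "0.0.0.255"))
    return acl

def render(acl, number=10):
    """Format the entries as configuration lines for list <number>."""
    return [f"access-list {number} {a} {addr} {wc}" for a, addr, wc in acl]

if __name__ == "__main__":
    acl = build_acl()
    print("\n".join(render(acl)))
    for host in ("192.168.1.5", "192.168.1.11", "192.168.1.90",
                 "192.168.1.91", "10.0.0.1"):
        print(host, "->", evaluate(acl, host))
```

Swapping the order so the /24 permit comes first would let every host through, since the deny entries would never be reached.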



hobbe Tue, 03/25/2008 - 02:16

What type of device is it that you are using?

Different devices have different ways of writing access-lists.


