
Problems with access-list

cgoax_telecom
Level 1

I am a very new user of Cisco routers, but I have a small plain addressed (192.168.1.0/24) network on which I want to permit the primary 10 users to access the Internet, deny Internet access to another 80, and also give the rest Internet access. How can I construct an access-list to get those results?

3 Replies

Justin Brenton
Level 4

Hi cgoax_telecom,

This would depend on the IP addresses that are in play. If you have a range of IP addresses you wish to permit or deny, then you could do this in 2 ACL statements: 2 ACLs for the range to allow and, as you may or may not know, at the end of an ACL, if nothing matches, it will deny unmatched entries.

I.E. #access-list 10 deny 172.16.10.0 0.0.0.255

This example is list number 10, which denies 172.16.10.1 - 172.16.10.255

then you would assign it to the interface

# int e1

#ip access-group 10 out|in - depending on whether it is incoming or outgoing traffic that you want to deny. You would use this same pattern to permit traffic; just replace deny with permit.

Otherwise you would have to do each entry or try to find as many IPs in a range.

To deny by individual host:

#access-list 10 deny host 172.16.30.2

then you would assign it to the interface

# int e1

#ip access-group 10 out|in

You can also use extended ACLs to block by TCP port if you like.

HTH.

Please rate.

Regards,

Justin
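
As an added example (not from any poster in this thread and not Cisco code), the Python below models how a standard ACL is evaluated, top-down first match with wildcard masks and the implicit deny at the end, and checks a constructed list for the question's 192.168.1.0/24 network. The address assignment (.1-.10 permitted, .11-.90 denied, .91-.254 permitted) is an assumption; the thread never says which hosts belong to which group.

```python
import ipaddress

# Constructed ACL (assumption, not from the thread): the 10 permitted users
# hold 192.168.1.1-.10, the 80 denied users .11-.90, the rest .91-.254.
ACL = """\
access-list 10 permit 192.168.1.0 0.0.0.7
access-list 10 permit 192.168.1.8 0.0.0.1
access-list 10 permit host 192.168.1.10
access-list 10 deny 192.168.1.0 0.0.0.63
access-list 10 deny 192.168.1.64 0.0.0.15
access-list 10 deny 192.168.1.80 0.0.0.7
access-list 10 deny 192.168.1.88 0.0.0.1
access-list 10 deny host 192.168.1.90
access-list 10 permit 192.168.1.0 0.0.0.255
"""

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse(text):
    """Return [(action, base, wildcard)] for numbered standard ACL lines."""
    rules = []
    for line in text.splitlines():
        tok = line.lstrip("# ").split()  # tolerate a leading '#' prompt
        if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
            continue
        action, rest = tok[2], tok[3:]
        if rest[0] == "host":
            base, wild = to_int(rest[1]), 0
        else:
            base = to_int(rest[0])
            wild = to_int(rest[1]) if len(rest) > 1 else 0
        rules.append((action, base, wild))
    return rules

def evaluate(rules, src):
    """First matching entry wins; no match at all means the implicit deny."""
    ip = to_int(src)
    for action, base, wild in rules:
        # Wildcard bits set to 1 are "don't care" when comparing addresses.
        if (ip | wild) == (base | wild):
            return action
    return "deny"

def summarize(rules, prefix="192.168.1."):
    """Decision for every usable host in the /24, keyed by last octet."""
    return {h: evaluate(rules, f"{prefix}{h}") for h in range(1, 255)}
```

Entry order carries the logic here: the broad `deny 192.168.1.0 0.0.0.63` only blocks .11-.63 because the three permit entries above it have already matched .0-.10. Running `summarize(parse(...))` on a candidate list before applying it to an interface shows which hosts each reordering would cut off.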

hobbe
Level 7

What type of device is it that you are using?

Different devices have different ways of writing access-lists.

HTH

matt15
Level 1

Hi cgoax,

May I know your network connection first?

-Martee
