03-24-2008 04:43 PM - edited 03-05-2019 09:56 PM
I am a very new user of Cisco routers, but I have a small, plainly addressed (192.168.1.0/24) network on which I want to permit the primary 10 users to access the Internet, deny Internet to another 80, and give the rest Internet access as well. How can I construct an access-list to get those results?
03-24-2008 06:41 PM
Hi cqoax_telcom,
This would depend on the IP addresses that are in play. If you have a range of IP addresses you wish to permit or deny, then you could do this in 2 ACL statements: 2 ACLs for the range to allow and, as you may or may not know, at the end of an ACL if nothing matches it will deny unmatched entries.
I.E. #access-list 10 deny 172.16.10.0 0.0.0.255
This example is list number 10, which denies 172.16.10.1 - 172.16.10.255
then you would assign it to the interface
# int e1
#ip access-group 10 out|in - depending on whether it is incoming or outgoing traffic that you want to deny. You would use this same pattern to permit traffic, just replace deny with permit.
Otherwise you would have to do each entry or try to find as many IPs in a range.
To deny by individual host:
#access-list 10 deny host 172.16.30.2
then you would assign it to the interface
# int e1
#ip access-group 10 out|in
You can also use extended ACLs to block by TCP port if you like.
HTH.
Please rate.
Regards,
Justin
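An added example, not part of any post in this thread: a short Python script that turns the three groups from the question into standard ACL entries with wildcard masks, then checks them with first-match evaluation and the implicit deny described above. The address layout (.1-.10 permitted, .11-.90 denied, the rest of 192.168.1.0/24 permitted) and ACL number 10 are assumptions, since the question does not say which addresses each group holds.

```python
import ipaddress

def range_to_acl(action, first, last, acl_id=10):
    """Cover first..last with the fewest aligned wildcard-mask entries."""
    nets = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
    lines = []
    for net in nets:
        if net.prefixlen == 32:
            lines.append(f"access-list {acl_id} {action} host {net.network_address}")
        else:
            # hostmask is the inverse of the netmask, i.e. the wildcard mask
            lines.append(f"access-list {acl_id} {action} {net.network_address} {net.hostmask}")
    return lines

def build_acl():
    # Assumed layout: order matters because the first matching entry wins.
    acl = range_to_acl("permit", "192.168.1.1", "192.168.1.10")
    acl += range_to_acl("deny", "192.168.1.11", "192.168.1.90")
    acl += range_to_acl("permit", "192.168.1.0", "192.168.1.255")
    return acl

def evaluate(acl, src):
    """Return the action of the first matching entry, else implicit deny."""
    addr = int(ipaddress.IPv4Address(src))
    for line in acl:
        parts = line.split()
        action = parts[2]
        if parts[3] == "host":
            base, wild = parts[4], "0.0.0.0"
        else:
            base, wild = parts[3], parts[4]
        # Wildcard bits set to 1 are "don't care"; compare only the others.
        care = ~int(ipaddress.IPv4Address(wild)) & 0xFFFFFFFF
        if addr & care == int(ipaddress.IPv4Address(base)) & care:
            return action
    return "deny"  # nothing matched: implicit deny at the end of the list

if __name__ == "__main__":
    acl = build_acl()
    print("\n".join(acl))
    for ip in ("192.168.1.10", "192.168.1.11", "192.168.1.90",
               "192.168.1.91", "10.0.0.1"):
        print(ip, "->", evaluate(acl, ip))
```

Ranges that do not fall on power-of-two boundaries need several entries each, which is why renumbering the groups onto aligned blocks gives a much shorter list.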
03-25-2008 02:16 AM
What type of device is it that you are using?
Different devices have different ways of writing access-lists.
HTH
03-25-2008 10:38 AM
Hi cgoax,
May I know your network connection first?
-Martee