Assistance with Access-list

Unanswered Question
Mar 26th, 2008

Need configuration assistance on 6509: Goal is to block inbound traffic on interface except from and

This is what I have, but it is not working. What am I missing?


interface vlan xx

ip access-group 100 in


ip access-list standard 100

permit ip any

permit ip any

deny ip any any

on pix

access-list 100 permit ip

access-list 100 permit ip

Istvan_Rabai Wed, 03/26/2008 - 13:12

Hi Johanna,

The access-list would be the following:

ip access-list standard traffic_in



interface vlan xx

ip access-group traffic_in in

If you use "permit" only in the access-list, then it will permit the source address only, not the entire subnet.

My supposition is that the subnets are:

This is why I chose the given wildcard mask in the access-list.

You don't have to put "deny any" at the end of the access-list, because there is an implicit deny at the end anyway.
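Added example, not part of the thread or of either poster's configuration: a small Python model of how a standard ACL matches source addresses, showing the two points in the reply above (an entry without a wildcard mask matches a single host only, and unmatched traffic hits the implicit deny). The thread's addresses are not shown on the page, so the entries use constructed RFC 5737 documentation addresses and /24 wildcard masks as assumptions; the function names are hypothetical.

```python
import ipaddress

def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_entry(line):
    """Parse 'permit|deny' followed by 'any', '<addr>', 'host <addr>' or '<addr> <wildcard>'."""
    tokens = line.split()
    if len(tokens) < 2 or tokens[0] not in ("permit", "deny"):
        raise ValueError(f"cannot parse ACL entry: {line!r}")
    action, rest = tokens[0], tokens[1:]
    if rest == ["any"]:
        return action, 0, 0xFFFFFFFF          # every bit is "don't care"
    if rest[0] == "host":
        rest = rest[1:]
    addr = _to_int(rest[0])
    # No wildcard mask given: treated as 0.0.0.0, i.e. exactly one host.
    wildcard = _to_int(rest[1]) if len(rest) > 1 else 0
    return action, addr, wildcard

def evaluate(acl_lines, source):
    """Return 'permit' or 'deny' for a source address, first match wins."""
    src = _to_int(source)
    for line in acl_lines:
        action, addr, wildcard = parse_entry(line)
        care = ~wildcard & 0xFFFFFFFF         # bits that must match
        if (src & care) == (addr & care):
            return action
    return "deny"                             # implicit deny at the end

# Constructed sample ACLs (documentation addresses, not from the thread).
HOST_ONLY = ["permit 192.0.2.0", "permit 198.51.100.0"]
WITH_WILDCARD = ["permit 192.0.2.0 0.0.0.255", "permit 198.51.100.0 0.0.0.255"]

if __name__ == "__main__":
    for src in ("192.0.2.25", "198.51.100.200", "203.0.113.7"):
        print(src, "host-only:", evaluate(HOST_ONLY, src),
              "| wildcard:", evaluate(WITH_WILDCARD, src))
```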



