I could just test this in the lab, but I want to run it by you guys... I created an extended ACL with a deny as the first line, and permits thereafter... will that work?
ip access-list extended test
 deny tcp host 10.75.50.50 any eq www
 permit icmp any any echo
 permit icmp any any echo-reply
 permit ip any any
Thanks in advance.
You are correct. To make this ACL work it needs to be placed inbound because you are denying traffic coming into the router or switch. Here is a guide that will help you decide which direction to place the ACL.
Yes this will work. This will block 10.75.50.50 from using web access.
It will block all TCP 80 traffic sourcing from host 10.75.50.50, but all other traffic will be allowed. Also, you don't need the ICMP permits; the ip any any covers ICMP too (unless you're doing it for hit counts).
Hope that helps.
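
Added example, not part of the original thread: a small first-match evaluator for the ACL above, showing that the deny on line 1 wins for TCP 80 from 10.75.50.50 and that removing either ICMP permit changes no verdict. The tuple model, the function names `evaluate` and `redundant_lines`, and the sample packets are assumptions made for illustration; destination address is not modeled because every entry uses `any`.

```python
from ipaddress import ip_address, ip_network

# The thread's ACL as (action, protocol, source, dest_port, icmp_type).
# None means "not checked". Port 80 is www; ICMP type 8 is echo, 0 is echo-reply.
ACL_TEST = [
    ("deny",   "tcp",  "10.75.50.50/32", 80,   None),
    ("permit", "icmp", "0.0.0.0/0",      None, 8),
    ("permit", "icmp", "0.0.0.0/0",      None, 0),
    ("permit", "ip",   "0.0.0.0/0",      None, None),
]

def evaluate(acl, proto, src, dport=None, icmp_type=None):
    """Return (action, line_number) of the first matching entry, top-down."""
    for n, (action, a_proto, a_src, a_dport, a_icmp) in enumerate(acl, 1):
        if a_proto != "ip" and a_proto != proto:
            continue  # "ip" matches every IP protocol, including ICMP
        if ip_address(src) not in ip_network(a_src):
            continue
        if a_dport is not None and a_dport != dport:
            continue
        if a_icmp is not None and a_icmp != icmp_type:
            continue
        return action, n
    return "deny", 0  # implicit deny at the end of every ACL

def redundant_lines(acl, packets):
    """Line numbers whose removal changes no verdict for the given packets."""
    base = [evaluate(acl, **p)[0] for p in packets]
    return [i + 1 for i in range(len(acl))
            if [evaluate(acl[:i] + acl[i + 1:], **p)[0] for p in packets] == base]

# Constructed sample packets (not taken from the thread)
PACKETS = [
    dict(proto="tcp", src="10.75.50.50", dport=80),
    dict(proto="tcp", src="10.75.50.50", dport=443),
    dict(proto="tcp", src="10.75.50.51", dport=80),
    dict(proto="icmp", src="10.75.50.50", icmp_type=8),
    dict(proto="icmp", src="10.1.1.1", icmp_type=0),
    dict(proto="udp", src="10.75.50.50", dport=53),
]

if __name__ == "__main__":
    for p in PACKETS:
        print(p, "->", evaluate(ACL_TEST, **p))
    print("redundant lines:", redundant_lines(ACL_TEST, PACKETS))
```

The ICMP lines still take the match before `permit ip any any`, which is why they are useful for hit counts even though they do not change what is allowed.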