IOS ACL deny vs. null-route

Oct 2nd, 2008

Apologies for what may be an overly-elementary question.

If I wish to block all traffic from one or more IP ranges at a public-facing border router running IOS, which is more efficient from the router's point of view: an access-list deny for the address range, or a static route for that range to Null0?

Jon Marshall Thu, 10/02/2008 - 12:13

No need to apologize.

You need to use an ACL entry, because a static route would only work with the return traffic: with incoming traffic the destination is one of your address ranges.

And if you are worried about that range you don't want to allow the traffic in at all.

Jon
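
The two options from the question, written out as IOS configuration to show what each one matches on. This is an added example, not part of the original thread; the range 203.0.113.0/24, the ACL name BLOCK-IN and the interface GigabitEthernet0/0 are assumed placeholders.

```cisco
! Added example. 203.0.113.0/24 (documentation range), the ACL name
! BLOCK-IN and interface GigabitEthernet0/0 are assumed placeholders.
!
! Option 1: inbound ACL on the Internet-facing interface.
! Matches on the SOURCE address, so packets from the range are dropped
! as they arrive.
ip access-list extended BLOCK-IN
 deny   ip 203.0.113.0 0.0.0.255 any
 permit ip any any
!
interface GigabitEthernet0/0
 description Internet-facing (assumed)
 ip access-group BLOCK-IN in
!
! Option 2: static route to Null0.
! Routing looks up the DESTINATION address. Inbound packets from
! 203.0.113.0/24 are addressed to your own ranges, so this route is not
! consulted for them and they are still forwarded. Only traffic your
! network sends back toward 203.0.113.0/24 is discarded.
ip route 203.0.113.0 255.255.255.0 Null0
```

After applying option 1, `show ip access-lists BLOCK-IN` displays the match counter on the deny entry, which confirms that packets from the range are being dropped at the interface.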
