req help: creating access-lists

Unanswered Question
Mar 17th, 2009

cisco 2651XM router

IOS: c2600-adventerprisek9-mz.124-15.T8.bin

connected to internet by wic1-adsl card

I would like to configure my router to block the following ranges of IPs.

Start IP End IP

Problem is I'm beginner level at configuring the Cisco router, so I'd appreciate help in knocking up a set of access lists that will do this job. Thanks for any advice.

adamclarkuk_2 Tue, 03/17/2009 - 04:07


access-list xxx deny ip any

access-list xxx deny ip any

access-list xxx deny ip

rpfinneran Wed, 03/18/2009 - 00:03

Also, one final note, 12.4(15)T8 supports named ACLs, as does almost any IOS these days. This is a highly recommended practice.

I have seen several times on our network where someone wants to remove a subnet from a numbered ACL and enters the following command...

no access-list xxx deny ip any

Unfortunately, the router just reads this as no access-list xxx and deletes the entire ACL. The recommended way to do this would be as follows...

ip access-list extended

deny ip any

deny ip any

deny ip


interface x/x

ip access-group


Named ACLs are also typically easier to find in the config. For example, if you were to use a numbered ACL, say ACL 5, and later need to find where all it is used, you would have to search the config for "5" and that could appear many, many times. One final recommendation I make is that you use all caps when naming anything in your configuration. This makes it pretty simple to see what is something you named versus what is part of the router's parser syntax.
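The question lists its ranges as start/end pairs, while an IOS ACL entry takes a network and a wildcard mask. The following is an added example, not code from the thread: it converts such ranges into entries of a named extended ACL in the form recommended above. The sample ranges are constructed (documentation address space), and the ACL name, the interface name, matching on source address, the inbound direction and the closing permit line are assumptions.

```python
import ipaddress

# Constructed sample ranges (RFC 5737 documentation space), not from the thread.
SAMPLE_RANGES = [
    ("192.0.2.0", "192.0.2.255"),
    ("198.51.100.16", "198.51.100.47"),
    ("203.0.113.5", "203.0.113.5"),
]


def range_to_networks(start, end):
    """Split an inclusive start/end range into the fewest CIDR blocks."""
    first = ipaddress.IPv4Address(start)
    last = ipaddress.IPv4Address(end)
    if first > last:
        raise ValueError(f"start {start} is above end {end}")
    return list(ipaddress.summarize_address_range(first, last))


def deny_entry(net):
    """Render one block as an extended-ACL deny line (assumed: match on source)."""
    if net.prefixlen == 32:
        return f"deny ip host {net.network_address} any"
    # IOS wants a wildcard (inverted) mask, which ipaddress calls the hostmask.
    return f"deny ip {net.network_address} {net.hostmask} any"


def build_named_acl(name, ranges, interface):
    """Return IOS lines for a named extended ACL applied inbound (assumed)."""
    lines = [f"ip access-list extended {name}"]
    for start, end in ranges:
        lines += [" " + deny_entry(n) for n in range_to_networks(start, end)]
    # Every ACL ends in an implicit deny, so a list holding only deny
    # entries would drop all traffic; permit the rest explicitly.
    lines.append(" permit ip any any")
    lines += [f"interface {interface}", f" ip access-group {name} in"]
    return lines


if __name__ == "__main__":
    # BLOCKED-RANGES and Dialer0 are hypothetical names for illustration.
    print("\n".join(build_named_acl("BLOCKED-RANGES", SAMPLE_RANGES, "Dialer0")))
```

A range that does not fall on a power-of-two boundary becomes several entries, as the second sample range shows. Review the generated lines before pasting them into the router.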

