Cisco Support Community
Community Member

Beginner Access control Lists

I have a 6509 with a router module installed. On this router I have multiple vlan interfaces one for each subnet. I am adding a new subnet which I want to isolate except for outbound Internet access and specified functions between the subnets.

The subnets are which is the gateway to the internet, and I want to add

All of these have an interface on the router of 1 as the last octet. I have written the following access lists:


deny ip

deny ip

deny ip

permit ip any any


permit ip eq telnet

Will these access lists do what I need, and which should be applied outbound and which should be applied inbound?


Hall of Fame Super Silver

Re: Beginner Access control Lists

Hello Ron,

I would suggest that you use only one ACL.

First, the permitted communication between local subnets:

access-list 105 permit tcp eq telnet

! note the position of the TCP port you want to have telnet access to devices in from

! then you deny all other internal communication

access-list 105 deny ip

access-list 105 deny ip

access-list 105 deny ip

! then you permit internet access

access-list 105 permit ip any

! in this way you also have anti-spoofing: you don't allow a source not in to go out

I would apply this ACL inbound on SVI Vlan with ip address

let's suppose it is vlan 10:

int vlan 10

ip access-group 105 in

Hope to help
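To make the ordering argument of this answer concrete, here is an added first-match simulation of access-list 105 as it would be evaluated inbound on the new subnet's SVI. It is example code, not from the thread or from Cisco; the subnets are constructed RFC 5737 documentation ranges standing in for the ones lost from the post, and the telnet port is taken as the destination port, as in the IOS syntax.

```python
import ipaddress

# Constructed addressing plan (RFC 5737 documentation ranges). The thread's real
# subnets are not on the page; these are placeholders, not the poster's values.
NEW_VLAN = ipaddress.ip_network("192.0.2.0/24")       # the new, isolated subnet (SVI Vlan 10)
SERVER_VLAN = ipaddress.ip_network("198.51.100.0/24") # internal hosts reachable by telnet only
OTHER_VLAN = ipaddress.ip_network("203.0.113.0/24")   # another internal subnet, fully blocked
ANY = ipaddress.ip_network("0.0.0.0/0")

# access-list 105, in the order the answer gives it:
#   permit tcp <new> <servers> eq telnet   (specific permit first)
#   deny   ip  <new> <servers>             (then deny the rest of the internal traffic)
#   deny   ip  <new> <other>
#   permit ip  <new> any                   (Internet; source must be the local subnet,
#                                           which is what gives the anti-spoofing)
ACL_105 = [
    ("permit", "tcp", NEW_VLAN, SERVER_VLAN, 23),
    ("deny",   "ip",  NEW_VLAN, SERVER_VLAN, None),
    ("deny",   "ip",  NEW_VLAN, OTHER_VLAN,  None),
    ("permit", "ip",  NEW_VLAN, ANY,         None),
]


def evaluate(acl, proto, src, dst, dport=None):
    """Return the action of the first matching entry, or the implicit deny.

    proto is 'tcp', 'udp' or 'icmp'; an 'ip' entry matches any protocol.
    Entries with a port compare it against the destination port only.
    """
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, aproto, asrc, adst, aport in acl:
        if aproto != "ip" and aproto != proto:
            continue
        if src not in asrc or dst not in adst:
            continue
        if aport is not None and aport != dport:
            continue
        return action
    return "deny"  # every IOS ACL ends with an implicit 'deny ip any any'


if __name__ == "__main__":
    samples = [
        ("tcp", "192.0.2.10", "198.51.100.5", 23),  # telnet to servers: permit
        ("tcp", "192.0.2.10", "198.51.100.5", 80),  # http to servers: deny
        ("udp", "192.0.2.10", "203.0.113.7", 53),   # anything to other vlan: deny
        ("tcp", "192.0.2.10", "8.8.8.8", 443),      # Internet: permit
        ("tcp", "10.9.9.9", "8.8.8.8", 443),        # spoofed source: deny
    ]
    for pkt in samples:
        print(pkt, "->", evaluate(ACL_105, *pkt))
```

Swapping the first two entries shows why the answer stresses position: with the deny ahead of the permit, the telnet packet is dropped before its permit is ever reached.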

