Cisco Support Community
New Member

Problems with access-list

I am a very new user of Cisco routers, but I have a small, plainly addressed (192.168.1.0/24) network on which I want to permit the primary 10 users to access the Internet, deny Internet to another 80, and give the rest Internet access as well. How can I construct an access-list to get those results?

3 REPLIES

Re: Problems with access-list

Hi cqoax_telcom,

This would depend on the IP addresses that are in play. If you have a range of IP addresses you wish to permit or deny, then you could do this in 2 ACL statements. 2 ACLs for the range to allow, and, as you may or may not know, at the end of an ACL, if nothing matches, it will deny unmatched entries.

I.E. #access-list 10 deny 172.16.10.0 0.0.0.255

This example is list number 10, which denies 172.16.10.1 - 172.16.10.255

then you would assign it to the interface

# int e1

#ip access-group 10 out|in - depending on whether you want to deny incoming or outgoing traffic. You would use this same pattern to permit traffic; just replace deny with permit.

Otherwise you would have to do each entry or try to find as many IPs in a range.

To deny by individual host:

#access-list 10 deny host 172.16.30.2

then you would assign it to the interface

# int e1

#ip access-group 10 out|in

You can also use extended ACLs to block by TCP port if you like.

HTH.

Please rate.

Regards,

Justin
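
The Python script below is an added example, not code from any poster in this thread: it splits address ranges into wildcard-mask blocks, prints standard ACL entries for the policy in the original question, and checks them with first-match evaluation. The ranges .1-.10 and .11-.90 are assumptions (the thread never gives the users' addresses), and list number 10 is reused from the reply above.

```python
import ipaddress

# Constructed policy: the thread never says which addresses the users hold,
# so .1-.10 (first 10 users) and .11-.90 (next 80) are assumptions.
POLICY = [
    ("permit", "192.168.1.1", "192.168.1.10"),
    ("deny", "192.168.1.11", "192.168.1.90"),
    ("permit", "192.168.1.0", "192.168.1.255"),  # the rest of the /24
]

def build_rules(policy):
    """Split each inclusive range into wildcard-aligned blocks, in policy order."""
    rules = []
    for action, first, last in policy:
        blocks = ipaddress.summarize_address_range(
            ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
        rules.extend((action, net) for net in blocks)
    return rules

def render(rules, acl_id=10):
    """Format rules as standard numbered ACL entries (address + wildcard mask)."""
    out = []
    for action, net in rules:
        if net.prefixlen == 32:
            out.append(f"access-list {acl_id} {action} host {net.network_address}")
        else:
            out.append(
                f"access-list {acl_id} {action} {net.network_address} {net.hostmask}")
    return out

def evaluate(rules, addr):
    """First matching entry wins; no match means the implicit deny at the end."""
    ip = ipaddress.IPv4Address(addr)
    for action, net in rules:
        if ip in net:
            return action
    return "deny"

if __name__ == "__main__":
    rules = build_rules(POLICY)
    print("\n".join(render(rules)))
    for host in ("192.168.1.10", "192.168.1.11", "192.168.1.90", "192.168.1.91"):
        print(host, "->", evaluate(rules, host))
```

Entry order matters: the broad permit for the /24 has to come last, otherwise it would match the 80 denied hosts before their deny entries are reached.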

Gold

Re: Problems with access-list

What type of device is it that you are using ?

Different devices have different ways of writing access-lists.

HTH

New Member

Re: Problems with access-list

Hi cgoax,

May I know your network connection first?

-Martee
