Cisco Support Community
Community Member

access-list for cisco 831 router

i need to program my router to allow to access to the net. i need addresses to to be denied acces to the net.

i have spent a lot of time with the access-list stuff, and can not come up with the right parameters.

can someone help?

Community Member

Re: access-list for cisco 831 router

Some more details about your config would have helped. Anyway I will give it a shot. I expect the router being configured with a PPPoE or a PPPoA client on a dialer interface (if not adapt ...)

Therefore you configure an ip access list as follows:

access-list 1 permit

and you apply it to the LAN ethernet (ethernet 0?)

ip access-group 1 in

Be wary that this will prevent access to the router to those IP's.

In case you wish to apply the access-list to the wan ethernet outboud (or the dialer) the problem is that the access list would be tested after the NAT and therefore it would not match because the source address has already been changed.

Therefore you need to change the NAT to only NAT the permitted addresses and then change the outbound access list to deny the prohibited desired range.

access-list 1 deny

access-list 1 permit any

This needs to be applied to the outbound dialer interface in the out direction.



CreatePlease to create content