Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

access list to filter APNIC addresses.

I have put an access list on the serial sub interface to block addresses from Asia Pacific, but when I check my internal logs I am seeing that they are still coming through. Here is my access list setup.

!

interface Serial0/0.1 point-to-point

description connected to Internet

ip address 67.x.x.x 255.255.255.252

ip access-group 2 in

ip nat outside

frame-relay interface-dlci 606

!

access-list 2 deny 67.117.54.0

access-list 2 deny 131.171.48.0

access-list 2 deny 67.92.0.0

access-list 2 deny 67.40.82.0

access-list 2 deny 61.0.0.0

access-list 2 deny 67.113.86.0

access-list 2 deny 62.199.133.0

access-list 2 deny 67.104.151.0

access-list 2 deny 194.0.0.0

access-list 2 deny 202.0.0.0

access-list 2 deny 203.0.0.0

access-list 2 deny 210.0.0.0

access-list 2 deny 67.17.128.0

access-list 2 deny 211.0.0.0

access-list 2 deny 212.0.0.0

access-list 2 deny 67.105.254.0

access-list 2 deny 213.0.0.0

access-list 2 deny 67.92.202.0

access-list 2 deny 218.0.0.0

access-list 2 deny 219.0.0.0

access-list 2 deny 220.0.0.0

access-list 2 deny 221.0.0.0

access-list 2 deny 216.35.10.0

access-list 2 deny 61.134.74.0

access-list 2 deny 213.35.0.0

access-list 2 permit any

What could be wrong with my setup?

Thanks for any help

Todd

1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Re: access list to filter APNIC addresses.

If you don't specify wild card mask, there is a implicit 0.0.0.0 at the end. So make sure you put in wild card at the end.

1 REPLY
New Member

Re: access list to filter APNIC addresses.

If you don't specify wild card mask, there is a implicit 0.0.0.0 at the end. So make sure you put in wild card at the end.

243
Views
0
Helpful
1
Replies
CreatePlease login to create content