Cisco Support Community

Blocking Host at gateway router

I have a 2610 router as my gateway. I want to block an IP range from passing through. I have been under a constant flow of MSSQL Command sigs and want to block the entire network. What is the syntax for the access list? I have "access-list 100 deny ip host any ". This range is still passing through. Help?


Re: Blocking Host at gateway router

Three things are wrong. First, your access list will deny the "host", which doesn't exist. Second, the access list blocks everything, since there is an implied "deny any any" at the end of every access list, unless you put "permit any any" at the end. Third, you do not mention applying the access list as an access group on an interface, so the access list has no effect.

Since you only want to block based upon the source IP address, there is no need for an extended access list. Use the following commands:

access-list x deny

access-list x permit any

where x is between 1 and 99. Then, on an interface, enter the command "ip access-group x (in|out)". In and out refer to the direction data is taking with regard to the interface you are configuring. Be sure to specify an interface and direction that is consistent with a source address in the network.

Good Luck!
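
Added example, not part of the original thread and not Cisco code: a small Python model of how a standard access list is evaluated (first match wins, wildcard-mask bits are "don't care", implicit deny at the end), comparing a deny-only list with one that ends in "permit any". The 198.51.100.0/24 source network and the test addresses are constructed documentation ranges, and the function names are hypothetical.

```python
import ipaddress

# Result returned when no entry matches: every access list ends this way.
IMPLICIT_DENY = ("deny", "implicit deny at end of list")


def parse_entry(line):
    """Parse the part after 'access-list <n>': 'deny A.B.C.D W.W.W.W',
    'deny A.B.C.D' (single host) or 'permit any'."""
    tokens = line.split()
    action, rest = tokens[0], tokens[1:]
    if action not in ("permit", "deny") or not 1 <= len(rest) <= 2:
        raise ValueError(f"unsupported entry: {line!r}")
    if rest == ["any"]:
        return action, 0, 0xFFFFFFFF          # every bit is "don't care"
    base = int(ipaddress.IPv4Address(rest[0]))
    wild = int(ipaddress.IPv4Address(rest[1])) if len(rest) == 2 else 0
    return action, base, wild


def evaluate(acl_lines, src):
    """Return (action, matching entry) for a source address."""
    addr = int(ipaddress.IPv4Address(src))
    for line in acl_lines:
        action, base, wild = parse_entry(line)
        care = ~wild & 0xFFFFFFFF             # bits that must match exactly
        if (addr & care) == (base & care):
            return action, line               # first match wins
    return IMPLICIT_DENY


# Constructed sample lists. In IOS terms (x = a list number from 1 to 99):
#   access-list x deny 198.51.100.0 0.0.0.255
#   access-list x permit any
DENY_ONLY = ["deny 198.51.100.0 0.0.0.255"]
CORRECTED = ["deny 198.51.100.0 0.0.0.255", "permit any"]

if __name__ == "__main__":
    for name, acl in (("deny only", DENY_ONLY), ("corrected", CORRECTED)):
        for src in ("198.51.100.25", "192.0.2.10"):
            print(f"{name:10} {src:15} -> {evaluate(acl, src)}")
```
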

