Cisco 851 LAN port restrictions

How can I restrict IP access on one of the LAN ports, let it be fa0 for example?

I tried access-group but even deny any any doesn't work. I think that ACLs don't work on LAN ports. Can you help me?


Hello there!

Never used an 851 router, but judging by the following link I don't see why you could not configure the ACL on these Fe interfaces.

Could you please paste the configurations you are using (exact words)?

Example on the Cisco site:

interface FastEthernet4
 ip address
 no ip directed-broadcast (default)
 speed auto
 ip nat outside
 ip access-group 103 in

access-list 103 permit udp host any eq isakmp
access-list 103 permit udp host eq isakmp any
access-list 103 permit esp host any
access-list 103 permit icmp any any
access-list 103 deny ip any any

FastEthernet4 is the routable LAN port, and the access list would indeed work here. But for ports 0 through 3, since these are layer 2 only ports, the access list likely doesn't work. I do not have an 851 router available to test this, so my apologies if I might be off here, but I am thinking of the following:



bridge irb

interface FastEthernet0
 switchport access vlan 2

interface Vlan2
 bridge-group 2

interface BVI2
 ip address
 ip nat inside
 ip access-group 101 in

bridge 2 protocol ieee
bridge 2 route ip

So, basically, the FastEthernet0 is bound to BVI2, which is a virtual layer 3 interface, and to which you should be able to apply the access list. Just make sure that the IP address of the client uses the IP address of BVI2 as its default gateway (and has an IP address in the same subnet).

Can you try this out?
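
Added example (not part of the reply above and not Cisco's code): a small Python check that follows the reply's reasoning by tracing each layer 2 port to the routed interface that serves it and reporting where no inbound ACL would filter its traffic. Assumptions: FastEthernet0-3 are the layer 2 ports as the reply states, a port without `switchport access vlan` sits in VLAN 1, an un-bridged VLAN is routed by its `Vlan` interface, and the sample config and function names are constructed for illustration.

```python
import re

L2_PORTS = {"FastEthernet%d" % n for n in range(4)}  # ports 0-3: layer 2 only, per the reply
# Constructed sample config for this example, not taken from the thread.
SAMPLE = """\
interface FastEthernet0
 switchport access vlan 2
 ip access-group 101 in
interface FastEthernet1
interface Vlan2
 bridge-group 2
interface BVI2
 ip access-group 101 in
access-list 101 deny ip any any
"""

def parse(config):
    """Return ({interface: [sub-commands]}, {ids of defined numbered ACLs})."""
    ifaces, acls, cur = {}, set(), []
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            cur = ifaces.setdefault(line.split(None, 1)[1], [])
        elif line and raw[0].isspace():
            cur.append(line)
        else:
            cur = []  # back at global level
            acls.update(re.findall(r"^access-list (\d+) ", line))
    return ifaces, acls

def first(cmds, pattern):
    """Capture group 1 of the first sub-command matching pattern, else None."""
    return next((m.group(1) for m in (re.match(pattern, c) for c in cmds) if m), None)

def audit(config):
    """Yield (port, finding) for layer 2 ports whose inbound traffic is unfiltered."""
    ifaces, acls = parse(config)
    for port in sorted(p for p in ifaces if p in L2_PORTS):
        cmds = ifaces[port]
        if first(cmds, r"(ip access-group \S+)"):
            yield port, "ACL bound to the layer 2 port itself"
        vlan = first(cmds, r"switchport access vlan (\d+)") or "1"  # assumed default VLAN
        group = first(ifaces.get("Vlan" + vlan, []), r"bridge-group (\d+)$")
        l3 = "BVI" + group if group else "Vlan" + vlan  # routed interface for the port
        acl = first(ifaces.get(l3, []), r"ip access-group (\S+) in$")
        if acl is None:
            yield port, "no inbound ACL on " + l3
        elif acl not in acls:
            yield port, "access-list %s is not defined" % acl
```

Running `list(audit(text))` over a saved copy of the running configuration gives the ports that still need an ACL on their BVI or VLAN interface.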



Thanks, LAN is LAN :) Trying to use different VLANs and VTP ...

