cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1576
Views
0
Helpful
1
Replies

IOS ACL deny vs. null-route

gkuzmowycz
Level 1
Level 1

Apologies for what may be an overly-elementary question.

If I wish to block all traffic from one or more IP ranges at a public-facing border router running IOS, which is more efficient from the router's point of view: an access-list deny for the address range, or a static route for that range to Null0?

1 Reply 1

Jon Marshall
Hall of Fame
Hall of Fame

No need to apologize.

You need to use an acl entry because a static route would only work with the return traffic because with incoming traffic the destination is one of your address ranges.

And if you are worried about that range you don't want to allow the traffic in at all.

Jon

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: