Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

IOS ACL deny vs. null-route

Apologies for what may be an overly-elementary question.

If I wish to block all traffic from one or more IP ranges at a public-facing border router running IOS, which is more efficient from the router's point of view: an access-list deny for the address range, or a static route for that range to Null0?

1 REPLY
Hall of Fame Super Blue

Re: IOS ACL deny vs. null-route

No need to apologize.

You need to use an acl entry because a static route would only work with the return traffic because with incoming traffic the destination is one of your address ranges.

And if you are worried about that range you don't want to allow the traffic in at all.

Jon

819
Views
0
Helpful
1
Replies
CreatePlease to create content