09-23-2002 07:42 AM - edited 02-20-2020 10:15 PM
I'm trying to permit certain systems on the 172.16.x.x network & block the rest. Below is my access list.
I allow access to 172.16.2.1, .2, .4, .10.
I want to block ALL other systems on the 172.16.x.x network with the "access-list host deny ip any host 172.16.0.0" but this statement is not working.
Help please!!
access-list host permit ip any host 172.16.2.1
access-list host permit ip any host 172.16.2.2
access-list host permit ip any host 172.16.2.4
access-list host permit ip any host 172.16.2.10
access-list host deny ip any host 172.16.0.0
access-list host permit ip any any
09-23-2002 07:46 AM
Also, I've already tried this statement.
access-list host permit ip any host 172.16.2.1
access-list host permit ip any host 172.16.2.2
access-list host permit ip any host 172.16.2.4
access-list host permit ip any host 172.16.2.10
access-list host permit ip any any
access-list host deny ip any host 172.16.0.0
09-23-2002 09:19 AM
Your first ACL is close. Change the last line from:
access-list host deny ip any host 172.16.0.0
to
access-list host deny ip any 172.16.0.0 255.255.0.0
This assumes 172.16.x.x is the destination, not the source of the packets.
Remember, with extended ACLs it is source then destination.
Steve
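Added example, not part of the thread or of Steve's reply: a small first-match evaluator run over the three lists discussed above, showing that `host 172.16.0.0` matches only that single address and that a deny placed after `permit ip any any` is never reached. The function names and the source address 192.0.2.10 are constructed for illustration, and the mask is read as a subnet mask, as written in the reply's line.

```python
import ipaddress

def parse_addr(tokens):
    """Consume one address spec; return (network, remaining tokens)."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":                      # exactly one address (/32)
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    # "address mask" form, mask taken as a subnet mask (assumption)
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}"), tokens[2:]

def parse_acl(text):
    """Parse lines of the form: access-list <name> <permit|deny> ip <src> <dst>"""
    rules = []
    for line in text.strip().splitlines():
        tokens = line.split()
        action, rest = tokens[2], tokens[4:]
        src, rest = parse_addr(rest)
        dst, rest = parse_addr(rest)
        rules.append((action, src, dst, line.strip()))
    return rules

def evaluate(rules, src, dst):
    """Return (action, matching line); the first matching entry wins."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net, line in rules:
        if s in src_net and d in dst_net:
            return action, line
    return "deny", "(implicit deny at end of list)"

PERMITS = "".join(f"access-list host permit ip any host 172.16.2.{h}\n"
                  for h in (1, 2, 4, 10))
HOST_DENY = "access-list host deny ip any host 172.16.0.0\n"
NET_DENY = "access-list host deny ip any 172.16.0.0 255.255.0.0\n"
ANY = "access-list host permit ip any any\n"

ORIGINAL = PERMITS + HOST_DENY + ANY     # first post
REORDERED = PERMITS + ANY + HOST_DENY    # second post
CORRECTED = PERMITS + NET_DENY + ANY     # first post with the reply's change

SRC = "192.0.2.10"  # constructed source address

if __name__ == "__main__":
    for name, acl in (("original", ORIGINAL), ("reordered", REORDERED),
                      ("corrected", CORRECTED)):
        for dst in ("172.16.2.4", "172.16.5.9", "172.16.0.0", "10.1.1.1"):
            action, line = evaluate(parse_acl(acl), SRC, dst)
            print(f"{name:9} -> {dst:11} {action:6} by: {line}")
```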