Cisco Support Community

How to Block this using Extended ACL

Hi All, here is the scenario which I am using


TASK: I want to block all the data stream destined to which travel from port 80 of http server.

I am trying the Extended access list as follows

access-list 131 deny tcp host eq www host

access-list 131 permit ip any any

ip access-group 131 out at FastEthernet interface of HTTP server router

However, it is not working as expected; everything works normally. Where am I wrong?


How to Block this using Extended ACL

Hi Bro

In R1, just do this if you're planning to block the source from the LAN in R1 to, and all should be good.


access-list 100 deny tcp any host eq 80

access-list 100 permit ip any any


interface FastEthernet 0/0

description ### WAN Link ###

ip address


interface FastEthernet 0/1

description ### LAN Link ###

ip access-group 100 in


However, if you're trying to block R1 (from R1 itself) in reaching R2 via TCP/80, then you'll need to use the MPF method shown below;


class-map CM_HTTP

match access-group 100


policy-map PM_HTTP

class CM_HTTP




service-policy output PM_HTTP


P/S: If you think this comment is useful, please do rate them nicely :-)

Warm regards, Ramraj Sivagnanam Sivajanam Technical Specialist/Service Delivery Manager – Managed Service Department
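
The `eq` port follows the source in the question's entry (access-list 131) and the destination in the reply's entry (access-list 100), so the two entries match opposite halves of an HTTP conversation. The sketch below is an added example, not code from either poster: it evaluates both lists with first-match semantics against a constructed request and reply. The addresses are constructed RFC 5737 placeholders because the thread's own addresses are not shown, and it assumes the host in access-list 100 is the HTTP server.

```python
from ipaddress import ip_address, ip_network

# Constructed placeholder addresses (RFC 5737); the thread's real ones are not shown.
SERVER, CLIENT = "192.0.2.10", "198.51.100.20"
WWW, ANY = 80, "0.0.0.0/0"

def ace(action, proto, src, sport, dst, dport):
    """One extended-ACL entry; a port of None means 'no port test'."""
    return dict(action=action, proto=proto, src=ip_network(src), sport=sport,
                dst=ip_network(dst), dport=dport)

def matches(e, pkt):
    if e["proto"] not in ("ip", pkt["proto"]):
        return False
    if ip_address(pkt["src"]) not in e["src"] or ip_address(pkt["dst"]) not in e["dst"]:
        return False
    if e["sport"] is not None and pkt["sport"] != e["sport"]:
        return False
    return e["dport"] is None or pkt["dport"] == e["dport"]

def evaluate(acl, pkt):
    """First matching entry wins; a packet matching nothing hits the implicit deny."""
    for e in acl:
        if matches(e, pkt):
            return e["action"]
    return "deny"

# access-list 131 deny tcp host <server> eq www host <client>  (port follows the SOURCE)
ACL_131 = [ace("deny", "tcp", SERVER + "/32", WWW, CLIENT + "/32", None),
           ace("permit", "ip", ANY, None, ANY, None)]
# access-list 100 deny tcp any host <server> eq 80  (port follows the DESTINATION)
ACL_100 = [ace("deny", "tcp", ANY, None, SERVER + "/32", WWW),
           ace("permit", "ip", ANY, None, ANY, None)]

# Constructed packets: a browser request and the server's reply to it.
REQUEST = dict(proto="tcp", src=CLIENT, sport=49152, dst=SERVER, dport=WWW)
REPLY = dict(proto="tcp", src=SERVER, sport=WWW, dst=CLIENT, dport=49152)

def verdicts():
    """Verdict of each ACL for each packet, keyed by (acl number, packet name)."""
    return {(name, pname): evaluate(acl, pkt)
            for name, acl in (("131", ACL_131), ("100", ACL_100))
            for pname, pkt in (("request", REQUEST), ("reply", REPLY))}

if __name__ == "__main__":
    for key, action in verdicts().items():
        print(key, action)
```

The sketch does not model interface binding: an entry is only consulted for packets that cross the interface carrying the `ip access-group` in the configured direction.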