Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

need for Access_list

I want to deny this IP range


                10.25.0.1 – 10.25.0.255

                10.25.1.1 – 10.25.1.255


Permit only 1 host


                10.25.7.136  255.255.255.192

Using access-list. with the  Current configuration

interface GigabitEthernet0/0

ip address 192.168.2.3 255.255.255.0

ip nat inside

ip virtual-reassembly in max-fragments 64 max-reassemblies 256

interface GigabitEthernet0/1

description ### ADSL WAN Interface ###

no ip address

  pppoe enable group global

pppoe-client dial-pool-number 1

interface ATM0/0/0

no ip address

no atm ilmi-keepalive

interface Dialer1

description ### ADSL WAN Dialer ###

ip address negotiated

ip mtu 1492

ip nat outside

no ip virtual-reassembly in

encapsulation ppp

dialer pool 1

dialer-group 1

ppp authentication pap callin

ppp pap sent-username xxxxxx password 7 xxxxxxxx!

ip forward-protocol nd

ip http server

no ip http secure-server

ip nat inside source list 101 interface Dialer1 overload

ip nat inside source static tcp 10.25.8.90 22 interface Dialer1 22

ip nat inside source static udp 10.25.8.90 500 interface Dialer1 500

ip nat inside source static udp 10.25.8.90 4500 interface Dialer1 4500

ip route 0.0.0.0 0.0.0.0 Dialer1

ip route 10.25.0.0 255.255.0.0 192.168.2.1

!

access-list 101 permit ip 10.25.0.0 0.0.255.255 any

access-list 112 deny   ip host 10.25.8.90 any

dialer-list 1 protocol ip permit

1 REPLY
Bronze

need for Access_list

If you would like to allow only one IP then you can go with the below one

ip access-list extended 102

10 permit ip host 10.25.7.136 any

Or if you would like to permit other networks as well then add them to this list and leave it as the implicit deny will catch other subnets and deny it.

where do you want to apply the ACL??

Thx, Kasi

472
Views
0
Helpful
1
Replies
CreatePlease to create content