
need for Access_list

joel.palen
Level 1

I want to deny this IP range


                10.25.0.1 – 10.25.0.255

                10.25.1.1 – 10.25.1.255


Permit only 1 host


                10.25.7.136  255.255.255.192

Using an access-list, with the current configuration:

interface GigabitEthernet0/0
 ip address 192.168.2.3 255.255.255.0
 ip nat inside
 ip virtual-reassembly in max-fragments 64 max-reassemblies 256
interface GigabitEthernet0/1
 description ### ADSL WAN Interface ###
 no ip address
 pppoe enable group global
 pppoe-client dial-pool-number 1
interface ATM0/0/0
 no ip address
 no atm ilmi-keepalive
interface Dialer1
 description ### ADSL WAN Dialer ###
 ip address negotiated
 ip mtu 1492
 ip nat outside
 no ip virtual-reassembly in
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication pap callin
 ppp pap sent-username xxxxxx password 7 xxxxxxxx
!
ip forward-protocol nd
ip http server
no ip http secure-server
ip nat inside source list 101 interface Dialer1 overload
ip nat inside source static tcp 10.25.8.90 22 interface Dialer1 22
ip nat inside source static udp 10.25.8.90 500 interface Dialer1 500
ip nat inside source static udp 10.25.8.90 4500 interface Dialer1 4500
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 10.25.0.0 255.255.0.0 192.168.2.1
!
access-list 101 permit ip 10.25.0.0 0.0.255.255 any
access-list 112 deny   ip host 10.25.8.90 any
dialer-list 1 protocol ip permit

1 Reply

Kasiraman S
Level 1

If you would like to allow only one IP, then you can go with the one below:

ip access-list extended 102
 10 permit ip host 10.25.7.136 any

Or, if you would like to permit other networks as well, add them to this list and leave it, as the implicit deny will catch the other subnets and deny them.

Where do you want to apply the ACL?

Thx, Kasi
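
Added example, not part of the original thread and not Cisco tooling: a small Python model of first-match ACL evaluation with wildcard masks. It shows that the two ranges in the question summarize to a single entry, and that the one-line list in the reply already blocks them through the implicit deny. The function names and sample source addresses are constructed for illustration, and the two ranges are assumed to mean the full /24 networks.

```python
import ipaddress

def summarize(cidrs):
    """Collapse adjacent networks into the fewest (base, wildcard) ACL pairs."""
    nets = ipaddress.collapse_addresses(ipaddress.ip_network(c) for c in cidrs)
    return [(str(n.network_address), str(n.hostmask)) for n in nets]

def matches(src, base, wild):
    """Cisco wildcard match: bits set in the wildcard are ignored."""
    s, b, w = (int(ipaddress.ip_address(x)) for x in (src, base, wild))
    return (s & ~w) == (b & ~w)

def evaluate(acl, src):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, base, wild in acl:
        if matches(src, base, wild):
            return action
    return "deny"

def render(acl):
    """Return the entries in IOS extended-ACL syntax (destination 'any')."""
    lines = []
    for action, base, wild in acl:
        src = f"host {base}" if wild == "0.0.0.0" else f"{base} {wild}"
        lines.append(f"{action} ip {src} any")
    return lines

# Assumption: the question's two ranges are the whole /24 networks.
DENIED = summarize(["10.25.0.0/24", "10.25.1.0/24"])
PERMIT_HOST = ("permit", "10.25.7.136", "0.0.0.0")

# Explicit version: deny entries first, then the single permitted host.
EXPLICIT_ACL = [("deny", b, w) for b, w in DENIED] + [PERMIT_HOST]
# The reply's version: one permit, everything else hits the implicit deny.
REPLY_ACL = [PERMIT_HOST]

# Constructed sample source addresses.
SAMPLES = ["10.25.0.17", "10.25.1.200", "10.25.7.136", "10.25.7.137", "10.25.8.90"]

def verdicts(acl):
    return {ip: evaluate(acl, ip) for ip in SAMPLES}

if __name__ == "__main__":
    print("\n".join(render(EXPLICIT_ACL)))
    for ip in SAMPLES:
        print(ip, verdicts(EXPLICIT_ACL)[ip], verdicts(REPLY_ACL)[ip])
```

Both lists give the same verdict for every sample source, so the explicit deny lines only matter once broader permit entries are added after them.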
