Cisco Support Community
New Member

accesslist

Dear all

We have to restrict the network, i.e. the 10.116.125.0 network, to block the server 10.100.7.###

Please post some access list.

2 REPLIES
Bronze

Re: accesslist

Since you have specified both the source and the destination, you might wanna use an extended access list similar to the one below:

access-list 101 deny ip 10.116.125.0 0.0.0.255 host 10.100.7.### log

Please make sure you apply it in the right direction on the right interface. Usually extended access lists are applied closer to the source of the traffic.

Silver

Re: accesslist

Also, if you go with the mentioned line, do not forget

access-list 101 permit ip any any

because of the implicit deny at the end of any ACL.

ACLs are written in Source-Destination format.

So let's say it's:

SERVER10.100-----ETH1(RTR)ETH0-----NET:10.116

And you don't want users from network 10.116.125.0 accessing the server.

Then it's:

(config)#access-list 150 deny ip 10.116.125.0 0.0.0.255 host 10.100.7.XXX

(config)#access-list 150 permit ip any any

(config)#int eth 0

(config-if)#ip access-group 150 in

You can add the log keyword at the end of any ACL line to have the router log matched entries. But be careful! What is logged is done in software and can substantially limit your router's performance.
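
Added example, not part of the original thread: a small Python first-match evaluator for the two ACL lines quoted in the replies, showing how the wildcard mask matches and what the implicit deny does when `permit ip any any` is missing. The host 10.100.7.10 is a constructed stand-in for the masked server address, and the function names are this example's own.

```python
import ipaddress

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def _spec(tokens):
    """Consume one address spec; return (address, wildcard, remaining tokens)."""
    if tokens[0] == "any":
        return 0, 0xFFFFFFFF, tokens[1:]
    if tokens[0] == "host":
        return _ip(tokens[1]), 0, tokens[2:]
    return _ip(tokens[0]), _ip(tokens[1]), tokens[2:]

def parse_acl(text):
    """Parse 'access-list N permit|deny ip SRC DST [log]' lines, keeping order."""
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()
        if (len(tok) < 6 or tok[0] != "access-list" or tok[3] != "ip"
                or tok[2] not in ("permit", "deny")):
            raise ValueError(f"unsupported ACL line: {line!r}")
        src, src_wc, rest = _spec(tok[4:])
        dst, dst_wc, _ = _spec(rest)  # a trailing 'log' keyword is ignored
        rules.append((tok[2], src, src_wc, dst, dst_wc))
    return rules

def _match(addr, base, wildcard):
    # Wildcard bits set to 1 are "don't care"; only the 0 bits must be equal.
    care = ~wildcard & 0xFFFFFFFF
    return (addr & care) == (base & care)

def evaluate(rules, src, dst):
    """First matching line wins; if no line matches, the implicit deny applies."""
    s, d = _ip(src), _ip(dst)
    for n, (action, rs, rs_wc, rd, rd_wc) in enumerate(rules, 1):
        if _match(s, rs, rs_wc) and _match(d, rd, rd_wc):
            return action, f"line {n}"
    return "deny", "implicit deny"

SERVER = "10.100.7.10"  # constructed placeholder for the masked 10.100.7.###
DENY_ONLY = f"access-list 101 deny ip 10.116.125.0 0.0.0.255 host {SERVER} log"
WITH_PERMIT = DENY_ONLY + "\naccess-list 101 permit ip any any"

if __name__ == "__main__":
    for name, acl in (("deny only", DENY_ONLY), ("with permit", WITH_PERMIT)):
        rules = parse_acl(acl)
        for src in ("10.116.125.20", "10.116.126.20"):  # constructed sources
            print(name, src, "->", SERVER, evaluate(rules, src, SERVER))
```

With only the deny line, traffic from any other network to the server is also dropped, by the implicit deny rather than by a configured line.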
