03-03-2006 03:09 AM - edited 03-03-2019 11:56 AM
Dear all,
We have to restrict the network, i.e. the 10.116.125.0 network, to block the server 10.100.7.###.
Please post an access list.
03-03-2006 03:17 AM
Since you have specified both the source and the destination, you might wanna use an extended access list similar to the one below:
access-list 101 deny ip 10.116.125.0 0.0.0.255 host 10.100.7.### log
Please make sure you apply it in the right direction on the right interface. Usually extended access lists are applied closer to the source of the traffic.
03-04-2006 12:50 AM
Also, if you go with the mentioned line, do not forget
access-list 101 permit ip any any
because of implicit deny at the end of any ACL.
ACLs are written in Source-Destination format.
So let's say it's:
SERVER10.100-----ETH1(RTR)ETH0-----NET:10.116
And you don't want users from network 10.116.125.0 accessing the server.
Then it's:
(config)#access-list 150 deny ip 10.116.125.0 0.0.0.255 host 10.100.7.XXX
(config)#access-list 150 permit ip any any
(config)#int eth 0
(config-if)#ip access-group 150 in
You can add the log keyword at the end of any ACL line to have the router log matched entries. But be careful! What is logged is done in software and can substantially limit your router's performance.
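Added example, not part of any post in this thread: a small Python model of how the router evaluates the ACL lines discussed above (wildcard-mask matching, first match wins, implicit deny at the end), showing what happens when the permit line is left out. The server address 10.100.7.10 and the test source addresses are constructed placeholders, and the parser only handles the "ip" ACE forms used in this thread.

```python
import ipaddress

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def parse_ace(line):
    """Parse 'access-list N permit|deny ip SRC DST [log]' -> (action, src, dst)."""
    tok = line.split()
    if len(tok) < 6 or tok[0] != "access-list" or tok[3] != "ip":
        raise ValueError(f"unsupported ACE: {line!r}")
    action, rest, specs = tok[2], [t for t in tok[4:] if t != "log"], []
    while rest:
        if rest[0] == "any":            # any  == 0.0.0.0 255.255.255.255
            specs.append((0, 0xFFFFFFFF)); rest = rest[1:]
        elif rest[0] == "host":         # host == address with wildcard 0.0.0.0
            specs.append((_ip(rest[1]), 0)); rest = rest[2:]
        else:                           # address followed by wildcard mask
            specs.append((_ip(rest[0]), _ip(rest[1]))); rest = rest[2:]
    if action not in ("permit", "deny") or len(specs) != 2:
        raise ValueError(f"unsupported ACE: {line!r}")
    return action, specs[0], specs[1]

def _match(addr, spec):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF       # wildcard bits set to 1 are ignored
    return (_ip(addr) & care) == (base & care)

def evaluate(acl_lines, src, dst):
    """Return the action of the first matching line, else the implicit deny."""
    for line in acl_lines:
        action, s, d = parse_ace(line)
        if _match(src, s) and _match(dst, d):
            return action
    return "deny"                       # implicit deny at the end of every ACL

SERVER = "10.100.7.10"                  # constructed placeholder address
ACL_DENY_ONLY = [f"access-list 150 deny ip 10.116.125.0 0.0.0.255 host {SERVER} log"]
ACL_FULL = ACL_DENY_ONLY + ["access-list 150 permit ip any any"]

if __name__ == "__main__":
    tests = [("10.116.125.44", SERVER),        # blocked subnet -> server
             ("10.116.126.44", SERVER),        # neighbouring subnet -> server
             ("10.116.125.44", "10.100.7.11")] # blocked subnet -> other host
    for src, dst in tests:
        print(f"{src:>14} -> {dst:<12}"
              f" deny-only: {evaluate(ACL_DENY_ONLY, src, dst):<6}"
              f" with permit: {evaluate(ACL_FULL, src, dst)}")
```

With only the deny line, every flow in the sample is dropped, including ones the deny line never matches; with the permit line appended, only 10.116.125.0/24 to the server is dropped.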