
accesslist

subashmbi
Level 1

Dear all,

We have to restrict the network, i.e. the 10.116.125.0 network, to block the server 10.100.7.###.

Please post some access list.

2 Replies

arvindchari
Level 3

Since you have specified both the source and the destination, you might wanna use an extended access list similar to the one below:

access-list 101 deny ip 10.116.125.0 0.0.0.255 host 10.100.7.### log

Please make sure you apply it in the right direction on the right interface. Usually extended access lists are applied closer to the source of the traffic.

Pavel Bykov
Level 5

Also, if you go with the mentioned line, do not forget

access-list 101 permit ip any any

because of the implicit deny at the end of any ACL.

ACLs are written in Source-Destination format.

So let's say it's:

SERVER10.100-----ETH1(RTR)ETH0-----NET:10.116

And you don't want users from network 10.116.125.0 accessing the server.

Then it's:

(config)#access-list 150 deny ip 10.116.125.0 0.0.0.255 host 10.100.7.XXX

(config)#access-list 150 permit ip any any

(config)#int eth 0

(config-if)#ip access-group 150 in

You can add the log keyword at the end of any ACL line to have the router log matched entries. But be careful! What is logged is done in software and can substantially limit your router's performance.
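As an added example (not code from any poster in this thread), the following Python model evaluates the ACL lines above the way an extended ACL is processed: source then destination, wildcard-mask matching, first match wins, implicit deny at the end. `SERVER` is a constructed stand-in for the masked 10.100.7.### address, and the helper names are hypothetical.

```python
import ipaddress

SERVER = "10.100.7.10"  # constructed stand-in; the thread masks the real host address

def _ip(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_ace(line):
    """Parse 'access-list N permit|deny ip SRC DST [log]' into a rule tuple."""
    tok = line.split()
    action, i = tok[2], 4  # tok[3] is the protocol; only 'ip' is modelled
    specs = []
    for _ in range(2):  # source first, then destination
        if tok[i] == "any":
            specs.append((0, 0xFFFFFFFF)); i += 1
        elif tok[i] == "host":
            specs.append((_ip(tok[i + 1]), 0)); i += 2
        else:
            specs.append((_ip(tok[i]), _ip(tok[i + 1]))); i += 2
    return action, specs[0], specs[1]

def _match(addr, spec):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF  # wildcard bit 0 = must match, 1 = ignore
    return (_ip(addr) & care) == (base & care)

def evaluate(acl_lines, src, dst):
    """Return the action of the first matching entry; no match means implicit deny."""
    for line in acl_lines:
        action, s, d = parse_ace(line)
        if _match(src, s) and _match(dst, d):
            return action
    return "deny (implicit)"

DENY_ONLY = [f"access-list 150 deny ip 10.116.125.0 0.0.0.255 host {SERVER}"]
FULL = DENY_ONLY + ["access-list 150 permit ip any any"]

if __name__ == "__main__":
    for name, acl in (("deny only", DENY_ONLY), ("deny + permit any any", FULL)):
        for src, dst in (("10.116.125.20", SERVER), ("10.116.126.20", SERVER),
                         ("10.116.125.20", "10.100.8.1")):
            print(f"{name:24} {src} -> {dst}: {evaluate(acl, src, dst)}")
```

With only the deny line, traffic from every other source is also dropped by the implicit deny, which is why the `permit ip any any` entry is needed.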
