Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

You may experience some slow load times, errors, and slight inconsistencies. We ask for your patience as we finalize the launch. Thank you.

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our beta test area to get started.

New Member

restict 3 ip address to access internet only

Is there an easy way to set up a policy to restrict three source addresses to access the internet only and not the rest of the network?

They are on a switch that will trunk up to a 6509 then to a


Can this be done?

  • WAN Routing and Switching
Hall of Fame Super Silver

Re: restict 3 ip address to access internet only


It can be done, but it may become tedious depending on how your network is structured. You would need to configure an access list and assign it inbound on the layer 3 interface that is the default gateway for these hosts. If the 3 hosts are all in the same VLAN/same subnet then it gets a bit easier because you need only a single access list. If the hosts are spread around then you would need an access list for each host.

The access list needs to be an extended access list and could be either named access list or numbered access list. In the access list you would have explicit deny statements with the host address as the source and denying access to any address within your network (that might be a single statement or might require multiple statements depending on how your network is structured). After you deny the host source address to any internal destination then you would permit any source address to any destination.



New Member

Re: restict 3 ip address to access internet only

Thanks Rick,

That is where I was headed.

I appreciate your input.

Your the Top Dawg now.

Here is 5 more points.