Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

Standard Access-list

i have a question.....suppose i have a two ethernets one is and the other is i want to restrict 1.0 network going to 2.0 network (any service complete deny) i would use standard access-list now when i create access list it would be like

router(config)# Access-list 1 deny now the wild card would be what i know it would be so if i write what would happen is it fine as well or not????? secondly what is the rule for access list i mean the placement of access list like near to destination source etc....thanks in advance

Community Member

Re: Standard Access-list

Firstly you should never use the wild card unless trying to deny a specific host. Standard access lists are always put next to the destination as outbounds.If you trying to deny 1.0,this is how your configuration would be like,router(config)#access list 1 deny now remember the explicit deny any rule..?change that to access list 1 permit any and place this closest to the destination as an outbound.

Community Member

Re: Standard Access-list


agreed on all points, except it would be placed closest to the dest 'inbound'. Outbound would never match the source as it would be comming from the network.



Community Member

Re: Standard Access-list

If you're on the network, you can setup the access list like this:

router(config)# access-list 10 deny log

router(config)# access-list 10 permit any log

Apply the "ip access-group 10 in" to the serial interface of the router on the network.

Without the "permit any", you'll lose access to the router on network once you apply the access-list to the serial interface.

CreatePlease to create content