ACL Query

redgunnerredgunner Posts: 42Member ■■□□□□□□□□
Hey,

1. How do I block all traffic except a subnet
2. How do I allow all traffic except a subnet

Thank you in advance!

Comments

  • Welly_59Welly_59 Posts: 431Member
    1. Permit ip any [subnet]
    Deny ip any any

    2.deny ip any [subnet]
    Permit ip any any

    First lines in each answer could be reversed if subnet is source and then any as the destination
  • redgunnerredgunner Posts: 42Member ■■□□□□□□□□
    I am bit a confused with the syntax of the example you gave - So would it be as follows below for wanting to block all traffic except a subnet?

    Router(config-std-nacl)#permit any
    Router(config-std-nacl)#deny ip
    Router(config-std-nacl)#deny 192.168.3.0
  • DCDDCD Posts: 449Member
    1) access-list 1 permit X.X.X.X

    2) access-list 2 deny X.X.X.X
    access-list 2 permit any
  • mikeybinecmikeybinec CCNA 200-120 Posts: 484Member ■■■□□□□□□□
    use wildcards deny 192.168.1.0 0.0.0.63 this would block 1.1 -- 1.63 but would allow everything else in the subnet i.e. 65 - 254

    and be careful about the explicit deny all
    Cisco NetAcad Cuyamaca College
    A.S. LAN Management 2010 Grossmont College
    B.S. I.T. Management 2013 National University
Sign In or Register to comment.