ACL Query

redgunner Member Posts: 42
Hey,

1. How do I block all traffic except a subnet
2. How do I allow all traffic except a subnet

Thank you in advance!

Comments

  • Welly_59 Member Posts: 431
    1. Permit ip any [subnet]
    Deny ip any any

    2. deny ip any [subnet]
    Permit ip any any

    First lines in each answer could be reversed if subnet is source and then any as the destination
  • redgunner Member Posts: 42
    I am a bit confused by the syntax of the example you gave. So would it be as follows below for wanting to block all traffic except a subnet?

    Router(config-std-nacl)#permit any
    Router(config-std-nacl)#deny ip
    Router(config-std-nacl)#deny 192.168.3.0
  • DCD Member Posts: 473
    1) access-list 1 permit X.X.X.X

    2) access-list 2 deny X.X.X.X
    access-list 2 permit any
  • mikeybinec Member Posts: 484
    Use wildcards: deny 192.168.1.0 0.0.0.63. This would block 1.1 -- 1.63 but would allow everything else in the subnet, i.e. 65 - 254

    and be careful about the explicit deny all
    Cisco NetAcad Cuyamaca College
    A.S. LAN Management 2010 Grossmont College
    B.S. I.T. Management 2013 National University
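
A small Python model of how a standard ACL evaluates a source address, added here as an illustration and not code from any poster in the thread: entries are checked top-down, the first match wins, and anything unmatched falls through to the deny at the end of the list. The 192.168.3.0/24 subnet, the sample hosts and all function and variable names are assumptions made for the example.

```python
import ipaddress

def matches(addr, base, wildcard):
    """Cisco-style wildcard match: bits set in the wildcard are 'don't care'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF          # bits that must be equal
    return (a & care) == (b & care)

def evaluate(acl, src):
    """Return the action of the first matching entry, else the final deny."""
    for action, base, wildcard in acl:
        if matches(src, base, wildcard):
            return action
    return "deny"                   # nothing matched: traffic is dropped

ANY = ("0.0.0.0", "255.255.255.255")   # what the 'any' keyword expands to

# Constructed sample ACLs (192.168.3.0/24 is a stand-in for "the subnet").
# Case 1: block everything except the subnet.
ONLY_SUBNET = [("permit", "192.168.3.0", "0.0.0.255")]
# Case 2: allow everything except the subnet.
ALL_BUT_SUBNET = [("deny", "192.168.3.0", "0.0.0.255"),
                  ("permit", *ANY)]
# Same two entries as case 2 in the opposite order: the deny is never reached.
PERMIT_FIRST = [("permit", *ANY),
                ("deny", "192.168.3.0", "0.0.0.255")]
# Wildcard covering only part of a /24, followed by permit any.
PARTIAL = [("deny", "192.168.1.0", "0.0.0.63"),
           ("permit", *ANY)]

def report():
    """Evaluate a few constructed hosts against every sample ACL."""
    hosts = ["192.168.3.10", "10.0.0.5", "192.168.1.10", "192.168.1.100"]
    acls = {"only_subnet": ONLY_SUBNET, "all_but_subnet": ALL_BUT_SUBNET,
            "permit_first": PERMIT_FIRST, "partial": PARTIAL}
    return {name: {h: evaluate(acl, h) for h in hosts}
            for name, acl in acls.items()}

if __name__ == "__main__":
    for name, results in report().items():
        print(name)
        for host, action in results.items():
            print(f"  {host:<15} {action}")
```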