
Access-list deny ip

Status
Not open for further replies.

WaltK

Technical User
Aug 5, 2001
10
US
I have tried unsuccessfully to add an access-list which denies ip for a group of people. Technically our network is 10.1.0.0 255.255.0.0, although all our hosts are using 10.1.1.0 only. I thought that if I put all individuals who I want to block access on 10.1.5.0, I should be able to use access lists.

I have tried several variations of the following standard access list, but extended lists don't seem to work either.

access-list 5 deny 10.1.5.0 0.0.0.255
access-list 5 permit 10.1.1.0 0.0.0.255

Applying this list to the outbound serial interface. I have changed the order and played with the wildcard bits, but nothing seems to work. I have replaced the permit 10.1.1.0 with permit any, and this opened everything up.

Any help would be appreciated. Thanks.
 
If the "permit any" worked, that means that the topology of the network and the way you assigned IP addresses do not match properly. Try using extended IP lists to block access for a host at a time and leave all the others open. This way you can diagnose more easily what is going on. Also, did you use a router to divide the two networks? Try to explain how the network is laid out so I can help you pinpoint the problem.
 
There is only 1 network, but I was hoping that I would still be able to block certain host ID's. I did try blocking my own address as a test, using the following

access-list 5 deny 10.1.1.50
access-list 5 permit any

and applying this to the outbound serial interface, but I was not prevented from going through the router.

Thanks for looking into it.

 
When you apply the access list to the outbound port, what is the exact command you use?
 
Hi,

Access lists are very logical. Still, I am not able to understand your network. However, below are some very important highlights you should consider:

01. Whom you want to permit (since there is a default deny at the end of the access list anyway, just think about whom you want to permit, not whom you want to deny).

02. You should have a very clear picture of inbound and outbound. They make a huge difference.

Good luck.
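
The first-match and default-deny behaviour discussed in this thread, as an added example that is not part of any poster's message: a small Python model of standard access-list source matching, run over the two lists quoted above. It models only wildcard-mask matching, not the interface or direction a list is applied to; the function names and test addresses are constructed for illustration.

```python
import ipaddress

# The two standard access lists quoted in the thread.
LIST_A = """
access-list 5 deny 10.1.5.0 0.0.0.255
access-list 5 permit 10.1.1.0 0.0.0.255
"""
LIST_B = """
access-list 5 deny 10.1.1.50
access-list 5 permit any
"""

def parse_acl(text):
    """Parse 'access-list N permit|deny SRC [WILDCARD]' lines into rules."""
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
            raise ValueError(f"unsupported line: {line!r}")
        action, src = tok[2], tok[3]
        if src == "any":
            addr, wild = 0, 0xFFFFFFFF          # every bit is "don't care"
        else:
            addr = int(ipaddress.IPv4Address(src))
            # A standard entry with no wildcard matches a single host (0.0.0.0).
            wild = int(ipaddress.IPv4Address(tok[4])) if len(tok) > 4 else 0
        rules.append((action, addr, wild))
    return rules

def evaluate(rules, source):
    """Return the action of the first matching rule, else the implicit deny."""
    ip = int(ipaddress.IPv4Address(source))
    for action, addr, wild in rules:
        care = ~wild & 0xFFFFFFFF               # wildcard 0-bits must match
        if (ip & care) == (addr & care):
            return action
    return "deny"                               # default deny at the end of every list

def report(text, sources):
    """Map each source address to the action the list takes on it."""
    rules = parse_acl(text)
    return {s: evaluate(rules, s) for s in sources}

if __name__ == "__main__":
    # Constructed source addresses inside and outside the listed ranges.
    for name, acl in (("A", LIST_A), ("B", LIST_B)):
        print(name, report(acl, ["10.1.5.20", "10.1.1.50", "10.1.2.9"]))
```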
 