How can I block IP addresses on a Cisco Router? 1

[smartobi]

I have a Cisco 2500 series router. We run a small ISP. Right now I have a 126 IP addresses and I only need about 25 IP addresses for now. Please can someone help me with information on how to block the other IP addresses so that they cannot pass traffic thru the router.

 

[gconnect]

configure outbound access list temporarily until you allocate them.

access-list # permit/deny PROTOCOL src mask dst mask

say you have 10.1.1.0 /25 (1-126)
access-list 101 deny ip 10.1.1.64 0.0.0.63 any log (block .64 - .126)
access-list 101 deny ip 10.1.1.32 0.0.0.31 any log (block .32 - 64)
the rest, you could let the other ones hang or be specific
access-list 101 deny ip host 10.1.1.26 any
access-list 101 deny ip host 10.1.1.27 any
access-list 101 deny ip host 10.1.1.28 any
access-list 101 deny ip host 10.1.1.29 any
access-list 101 deny ip host 10.1.1.31 any
access-list 101 permit ip 10.1.1.0 0.0.0.127 any

int WHATEVERYOUROUTSIDEIS
ip access-group 101 out

traffic is evaluated in the order of the acl chain, therefore the last entry will only also what hasn't already been denied........ (.1 - .25)

-gC-

http://www.cisco.com/en/US/products/sw/iosswrel/ps1838/products_feature_guide09186a0080134a60.html

 

[smartobi]

Thanks G. I have applied the rules you gave me and it works.

Thanks.

 

[gconnect]

Glad to hear

 

[ASofyan]

Hai guys can you help me, I try to using multi access-list number but if i apply all access-list with diferent number on interface serial/ethernet that's only last ( one ) access-list number is view when I show interface

I waiting for your advise


Thanks
ASofyan

 

[thebruge]

You can only apply one access-list in and one out. It's working as designed.