how to block a website IP address with an access-list

Status
Not open for further replies.

NettableWalker

IS-IT--Management
Jun 18, 2005
Hi Everyone,

How can I block a particular IP address with an ACL on an 837 DSL router?

I just can't see a way to do it.

Any help gratefully received :)

Thanks
 
DENY A HOST AND PERMIT ALL
--------------------------
1. Ping -t to the host.

2. Find the router interface that hosts that subnet (i.e. 10.4.16.x).
#sh ip route 10.4.16.0

3. Telnet to the router that hosts that subnet.

4. Backup the current ACL before making changes.

5. Create an extended access list # that is NOT in the current configuration.
You should have a different ACL # for each subnet. This will make it easier to identify.

access-list 102 deny ip host 10.4.16.183 any
access-list 102 permit ip any any

6. Apply the access-list to the router interface.

interface Vlan15
ip address 10.4.16.254 255.255.255.0
ip access-group 102 in
ip access-group 102 out

7. Your ping to the host should now drop.


PERMIT A HOST AND DENY ALL
--------------------------
1. Create an extended access list # that is NOT in the current configuration.

access-list 105 remark HPOV Station
access-list 105 permit ip host 10.208.2.91 any log
access-list 105 remark RSA Dial for Jeff H
access-list 105 permit ip host 10.208.2.10 any log
access-list 105 deny ip any any log

2. Apply the access-list to the router interface.

interface Vlan15
ip address 10.208.2.254 255.255.255.0
ip access-group 105 in
ip access-group 105 out


DENY ENTIRE SUBNET
------------------
1. Create an extended access list # that is NOT in the current configuration.

access-list 101 deny ip 10.208.2.0 0.0.0.255 any
access-list 101 permit ip any any

2. Apply the access-list to the router interface.

interface Vlan15
ip address 10.208.2.254 255.255.255.0
ip access-group 101 in
ip access-group 101 out


BLOCK A PORT
------------
1. Create an extended access list # that is NOT in the current configuration.

access-list 105 deny tcp any any eq 445
access-list 105 deny udp any any eq 445
access-list 105 permit ip any any

2. Apply the access-list to the router interface.

interface Vlan15
ip address 10.208.2.254 255.255.255.0
ip access-group 105 in
ip access-group 105 out




Thanks,
Nicole
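
How the router evaluates extended ACL entries like the ones in the answer above (top-down first match, wildcard bits, implicit deny), as an added example that is not part of the original posts. The `parse` and `evaluate` helpers and the `WIDE`/`HOST` entries are constructed for illustration and cover only the `permit|deny proto src dst [eq port]` forms used in this thread.

```python
import ipaddress

def _addr(tok):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (base, wildcard) as ints."""
    t = tok.pop(0)
    if t == "any":
        return 0, 0xFFFFFFFF
    if t == "host":
        return int(ipaddress.IPv4Address(tok.pop(0))), 0
    return int(ipaddress.IPv4Address(t)), int(ipaddress.IPv4Address(tok.pop(0)))

def parse(line):
    """Parse 'access-list N permit|deny PROTO SRC DST [eq PORT] [log]'."""
    tok = line.split()[2:]                      # drop 'access-list N'
    action, proto = tok.pop(0), tok.pop(0)
    src, dst = _addr(tok), _addr(tok)
    port = int(tok[1]) if tok[:1] == ["eq"] else None
    return action, proto, src, dst, port

def _hit(ip, spec):
    base, wild = spec
    care = ~wild & 0xFFFFFFFF                   # wildcard bit 1 = ignore, 0 = must match
    return (int(ipaddress.IPv4Address(ip)) & care) == (base & care)

def evaluate(acl, proto, src, dst, dport=None):
    """Action of the first matching entry, top down; implicit deny if none match."""
    for action, p, s, d, port in map(parse, acl):
        if p not in ("ip", proto) or (port is not None and port != dport):
            continue
        if _hit(src, s) and _hit(dst, d):
            return action
    return "deny"

# ACL 102 as posted above: it matches on the SOURCE address only.
ACL_102 = ["access-list 102 deny ip host 10.4.16.183 any",
           "access-list 102 permit ip any any"]
# Constructed pair: same address, wildcard 0.0.0.255 versus the 'host' keyword.
WIDE = ["access-list 105 permit ip 10.208.2.91 0.0.0.255 any log"]
HOST = ["access-list 105 permit ip host 10.208.2.91 any log"]

if __name__ == "__main__":
    print(evaluate(ACL_102, "icmp", "10.4.16.183", "192.0.2.1"))   # from the host
    print(evaluate(ACL_102, "icmp", "192.0.2.1", "10.4.16.183"))   # toward the host
    print(evaluate(WIDE, "tcp", "10.208.2.200", "192.0.2.1"))      # neighbour in the /24
    print(evaluate(HOST, "tcp", "10.208.2.200", "192.0.2.1"))      # only the implicit deny is left
```

The second call shows that an entry keyed on the source address does not match packets going toward that address; to match those, the address has to sit in the destination position of the entry.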
 