
Blocking Host at gateway router

community
Level 1

I have a 2610 router as my gateway. I want to block an IP range from passing through. I have been under a constant flow of MSSQL Command sigs and want to block the entire 61.0.0.0 network. What is the syntax for the access list? I have "access-list 100 deny ip host 61.0.0.0 any". This range is still passing through. Help?


mark-obrien
Level 4

Three things are wrong. First, your access list will deny the "host" 61.0.0.0, which doesn't exist. Second, the access list blocks everything, since there is an implied "deny any any" at the end of every access list, unless you put "permit any any" at the end. Third, you do not mention applying the access list as an access group on an interface, so the access list has no effect.

Since you only want to block based upon the source IP address, there is no need for an extended access list. Use the following commands:

access-list x deny 61.0.0.0 0.255.255.255

access-list x permit any

where x is between 1 and 99. Then, on an interface, enter the command "ip access-group x (in|out)". In and out refer to the direction data is taking with regard to the interface you are configuring. Be sure to specify an interface and direction that is consistent with a source address in the 61.0.0.0 network.

Good Luck!

Mark
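
Added example (not part of the original thread and not Cisco code): a small Python model of how source addresses are matched against access-list entries with wildcard masks, where the first match wins and an implicit deny ends every list. It assumes ACL number 10 for "x", assumes the list has been applied to an interface with ip access-group, and models only the source part of each entry.

```python
import ipaddress

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def parse_entry(line):
    """Return (action, base, wildcard) for the source part of one access-list line."""
    tok = line.split()[2:]              # drop "access-list <n>"
    action, spec = tok[0], tok[1:]
    if spec[0] == "ip":                 # extended form: only the source is modelled here
        spec = spec[1:]
    if spec[0] == "any":
        return action, 0, 0xFFFFFFFF
    if spec[0] == "host":
        return action, _ip(spec[1]), 0
    # "A W" pair; a bare address with no wildcard matches that single host
    wildcard = _ip(spec[1]) if len(spec) > 1 and spec[1][0].isdigit() else 0
    return action, _ip(spec[0]), wildcard

def evaluate(acl_lines, src):
    """First matching entry wins; no match falls through to the implicit deny."""
    s = _ip(src)
    for line in acl_lines:
        action, base, wildcard = parse_entry(line)
        care = ~wildcard & 0xFFFFFFFF   # wildcard bit 1 = ignore that bit
        if (s & care) == (base & care):
            return action
    return "deny (implicit)"

# The entry from the question and the two entries from the reply (x = 10 is an assumption).
QUESTION_ACL = ["access-list 100 deny ip host 61.0.0.0 any"]
ANSWER_ACL = ["access-list 10 deny 61.0.0.0 0.255.255.255",
              "access-list 10 permit any"]

if __name__ == "__main__":
    # Constructed sample source addresses.
    for src in ("61.0.0.0", "61.12.34.56", "62.1.1.1", "192.0.2.10"):
        print(src, "| question:", evaluate(QUESTION_ACL, src),
              "| answer:", evaluate(ANSWER_ACL, src))
```

With the question's single entry, only the literal address 61.0.0.0 matches the deny line and every other source falls to the implicit deny; with the reply's two entries, the whole 61.0.0.0 network is denied and all other sources are permitted.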
