• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Syntax For Creating a Router Access List To Deny

C

Cable God

Diamond Member
wouldn't it be:

enable the exec first

config t

access-list 1 deny host 217.0.0.0 log


Wouldn't this block the entire 217.0.0.0-217.255.255.254 IP block?




 
If you use the keyword "host" that means just a single host so you can't use "host" for a range of addresses.

In your case if you are trying to drop all frames sourced with 217.X.X.X (remember standard access-lists 1-99 are source address only)

access-list 1 deny 217.0.0.0 0.255.255.255 log
access-list 1 permit any

I put the pertmit any at the end because there is always an implicit deny with all access-lists. If you simply applied the list to an interface then you would actually drop ALL frames.
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top