router access lists - Routers


Thread: router access lists

  1. router access lists

    Hi everyone.

    I am a student and have an access list question.

    Is this the correct way to configure a router if I wanted to prevent a host
    computer with IP 192.168.4.3 from accessing the 192.168.1.0 subnet? Based on
    a Cisco 2600.

    access-list 101 deny ip 192.168.4.3 0.0.0.0 192.168.1.0 0.0.0.255



    Thx
    Darren



  2. Re: router access lists

    Yep, now that access list will have to be applied to an interface to actually work. You also have to put a global permit, as the
    default action at the end of an access list is "deny ip any any".

    You could also use an extended access list like:

    ip access-list extended host-block
    deny ip host 192.168.4.3 192.168.1.0 0.0.0.255
    permit ip any any
    exit

    By using extended access lists you can use meaningful names. You can also put remarks within the access list like:

    ip access-list extended host-block
    remark -- This access list keeps the 4.3 computer from the 1.0 network
    remark -- block the host here
    deny ip host 192.168.4.3 192.168.1.0 0.0.0.255
    remark -- allow all other traffic
    permit ip any any
    exit

    Using the remarks makes things more clear and reminds you and anyone else maintaining the router what things are there. IMHO

    Dennis


    Darren wrote:
    > Hi everyone.
    >
    > I am a student and have an access list question.
    >
    > Is this the correct way to configure a router if I wanted to prevent a host
    > computer with IP 192.168.4.3 from accessing the 192.168.1.0 subnet? Based on
    > a Cisco 2600.
    >
    > access-list 101 deny ip 192.168.4.3 0.0.0.0 192.168.1.0 0.0.0.255
    >
    >
    >
    > Thx
    > Darren
    >
    >
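
Added example, not part of the original posts: a small Python model of how IOS evaluates the two access lists from this thread (first match wins, then the implicit deny), showing why the one-line list 101 also drops every other host once it is applied. The test addresses 192.168.4.7 and 192.168.2.10 are constructed, and the model only handles `ip` entries written with `any`, `host`, or an address/wildcard pair.

```python
import ipaddress

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def _addr(tok):
    """Consume one IOS address spec; return ((base, wildcard), remaining tokens)."""
    if tok[0] == "any":
        return (0, 0xFFFFFFFF), tok[1:]
    if tok[0] == "host":
        return (_ip(tok[1]), 0), tok[2:]
    return (_ip(tok[0]), _ip(tok[1])), tok[2:]

def parse_acl(text):
    """Parse 'permit|deny ip <src> <dst>' entries in numbered or named form."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if tok[:1] == ["access-list"]:
            tok = tok[2:]                      # drop 'access-list 101'
        if tok[:1] not in (["permit"], ["deny"]) or tok[1:2] != ["ip"]:
            continue                           # list header, remark, exit, blank
        src, rest = _addr(tok[2:])
        dst, _ = _addr(rest)
        rules.append((tok[0], src, dst))
    return rules

def _match(ip, spec):
    base, wild = spec
    # Wildcard bits set to 1 are "don't care"; all other bits must equal the base.
    return ((ip ^ base) & ~wild & 0xFFFFFFFF) == 0

def evaluate(rules, src, dst):
    s, d = _ip(src), _ip(dst)
    for action, rule_src, rule_dst in rules:
        if _match(s, rule_src) and _match(d, rule_dst):
            return action                      # first matching entry wins
    return "deny"                              # implicit "deny ip any any"

# The two lists as posted in the thread.
NUMBERED = "access-list 101 deny ip 192.168.4.3 0.0.0.0 192.168.1.0 0.0.0.255"
NAMED = """ip access-list extended host-block
 deny ip host 192.168.4.3 192.168.1.0 0.0.0.255
 permit ip any any
 exit"""

if __name__ == "__main__":
    for name, acl in (("101", NUMBERED), ("host-block", NAMED)):
        for src in ("192.168.4.3", "192.168.4.7"):   # .7 is a constructed host
            print(name, src, evaluate(parse_acl(acl), src, "192.168.1.10"))
```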


  3. Re: router access lists

    Thanks for the help. Will give that a try.


    "Dennis Willson" wrote in message
    news:h_ednbHt_KT5deXenZ2dnUVZ_sidnZ2d@baytsp.com...
    > Yep, now that access list will have to be applied to an interface to
    > actually work. You also have to put a global permit, as the default action
    > at the end of an access list is "deny ip any any".
    >
    > You could also use an extended access list like:
    >
    > ip access-list extended host-block
    > deny ip host 192.168.4.3 192.168.1.0 0.0.0.255
    > permit ip any any
    > exit
    >
    > By using extended access lists you can use meaningful names. You can also
    > put remarks within the access list like:
    >
    > ip access-list extended host-block
    > remark -- This access list keeps the 4.3 computer from the 1.0 network
    > remark -- block the host here
    > deny ip host 192.168.4.3 192.168.1.0 0.0.0.255
    > remark -- allow all other traffic
    > permit ip any any
    > exit
    >
    > Using the remarks makes things more clear and reminds you and anyone else
    > maintaining the router what things are there. IMHO
    >
    > Dennis
    >
    >
    > Darren wrote:
    >> Hi everyone.
    >>
    >> I am a student and have an access list question.
    >>
    >> Is this the correct way to configure a router if I wanted to prevent a
    >> host computer with IP 192.168.4.3 from accessing the 192.168.1.0 subnet?
    >> Based on a Cisco 2600.
    >>
    >> access-list 101 deny ip 192.168.4.3 0.0.0.0 192.168.1.0 0.0.0.255
    >>
    >>
    >>
    >> Thx
    >> Darren



