General discussion

ACCESS LIST

By jkartheek ·
I have a Cisco 3600 series router. Since I do not have an application firewall, I could not block some of the unwanted sites that I want to block. Is it possible to use an access list to block particular sites using the IP address? E.g., if I want to block one particular site's IP address from being accessed by the users, what is the exact command syntax, and in the ip access-group command, what spec do I have to give: in or out? Can anyone help me out, because when I tried this option the entire office was disconnected from the internet.


Thanks a bunch

ACCESS LIST

by -Q-240248 In reply to ACCESS LIST

This is a question that requires some details. I would suggest that you go to cisco.com and do a search on access lists. I can give you an example. This example assumes that the IP address (which btw can change and/or be more than one) of the site you want to block is 2.3.4.5:

conf t
access-list 101 deny ip any 2.3.4.5 0.0.0.0
access-list 101 permit ip any any
<CTRL-Z>
sh access-list <verify access list>
-or-
sh ru <verify access list>
cop ru st <save the configuration>

Now apply it to the outbound internet interface:
conf t
int s0
ip access-group 101 out
<CTRL-Z>

Verify applied access-list:
sh ru
-or-
sh int s0

copy configuration again: cop ru st

One key element you have to remember about access lists is that there is an 'implicit deny' at the end of the list. For example, the last line in the access list, even though it doesn't show it and you didn't type it says: access-list 101 deny any any

I suspect the problem you had is that you were not aware of the implicit deny and so all of your traffic was blocked, hence the line: access-list 101 permit ip any any
was inserted. You gotta have an entry that lets all other traffic through! I hope there are no syntax errors above, as I am going by memory here...
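
The first-match and implicit-deny behavior described in the answer above, as an added example that is not part of the original post: a small Python model of extended IP access-list evaluation, run against the answer's list 101 with and without its permit line. The source 192.0.2.10 and the destination 198.51.100.7 are constructed sample values, and only `ip` entries with `any`, `host` or address/wildcard specs are modeled.

```python
import ipaddress

def ip_int(s):
    return int(ipaddress.IPv4Address(s))

def parse_addr(tokens):
    """Consume one IOS address spec: 'any', 'host A', or 'A WILDCARD'."""
    if tokens[0] == "any":
        return (0, 0xFFFFFFFF), tokens[1:]
    if tokens[0] == "host":
        return (ip_int(tokens[1]), 0), tokens[2:]
    return (ip_int(tokens[0]), ip_int(tokens[1])), tokens[2:]

def parse_acl(text):
    """Parse 'access-list N permit|deny ip SRC DST' lines into rules."""
    rules = []
    for line in text.strip().splitlines():
        t = line.split()
        if len(t) < 5 or t[0] != "access-list" or t[3] != "ip":
            raise ValueError(f"unsupported line: {line!r}")
        src, rest = parse_addr(t[4:])
        dst, rest = parse_addr(rest)
        rules.append((t[2], src, dst))
    return rules

def matches(addr, spec):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF   # wildcard bit 0 = must match, 1 = ignore
    return (ip_int(addr) & care) == (base & care)

def evaluate(rules, src, dst):
    """First matching entry wins; no match falls to the implicit deny."""
    for n, (action, s, d) in enumerate(rules, 1):
        if matches(src, s) and matches(dst, d):
            return action, f"entry {n}"
    return "deny", "implicit deny"

# Constructed inputs: the answer's list, and the same list without its permit line.
DENY_ONLY = "access-list 101 deny ip any 2.3.4.5 0.0.0.0"
WITH_PERMIT = DENY_ONLY + "\naccess-list 101 permit ip any any"

if __name__ == "__main__":
    for name, text in (("deny only", DENY_ONLY), ("with permit", WITH_PERMIT)):
        rules = parse_acl(text)
        for dst in ("2.3.4.5", "198.51.100.7"):
            print(name, dst, evaluate(rules, "192.0.2.10", dst))
```

With the deny-only list, traffic to every destination falls through to the implicit deny, which matches the office-wide outage described in the question.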

ACCESS LIST

by jkartheek In reply to ACCESS LIST

Poster rated this answer

ACCESS LIST

by jkartheek In reply to ACCESS LIST

This question was closed by the author
