Cisco ACL help

Does anyone know if it is possible to use an extended ACL to block all traffic to a destination from any source destination using a single command? With a standard ACL it is simple to block all traffic, but in this case I have to use an extended ACL, and the router asks me to specify a protocol to block (either EIGRP, GRE, ICMP, IP, OSPF, TCP or UDP). Is it possible to block all protocols with a single extended ACL command, or do I have to create a line in the ACL for every single protocol if I want to block all traffic?

Edit: Never mind, I see blocking IP blocks everything, that simplifies things :)
 
Any reason why you have to use an extended ACL?

You can still deny a subnet on an ex ACL without having to add a port or protocol at the end, just don't add "eq" at the end of the command.

What exactly are you trying to do, might help me get a better understanding.
 
It's part of some coursework, so I have to use an extended ACL. Although I don't have to specify a port at the end, after the 'deny' I have to specify IP, ICMP, TCP, UDP etc... And I thought I would have to create a line in the ACL for each of them. Now I realise that if I do a deny IP source dest, it will also block ICMP and such as well.

The use of an extended ACL is helpful in that it stops the packet moving beyond the router, so the ACL blocks the packet as near as possible to the source, whereas a standard ACL has to be placed near the destination, meaning it would allow the packet further along the network, which is not always desirable.
 
Does it have to be a single line? You can use a deny any, but place an ICMP allow before it, should work in 2 lines if that's what you mean? I'm not 100% sure what the task from the coursework is, might help if you can give a lowdown?

- Pea0n
 
I had to block all traffic. My original problem is that I thought there was no command to block 'all' traffic; I thought I had to block each type of traffic individually for it all to be blocked. I have now managed to get it sorted though and it's working fine.
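
The resolution reached in this thread, written out as an added Cisco IOS configuration example that is not part of any original post. The ACL number, the destination address 198.51.100.10 and the interface name are constructed placeholders.

```cisco
! Constructed example: 198.51.100.10 is the destination to block,
! GigabitEthernet0/0 is assumed to be the interface facing the sources.
!
! What the original question feared was required: one entry per protocol.
! (Shown commented out for comparison only.)
! access-list 110 deny icmp any host 198.51.100.10
! access-list 110 deny tcp  any host 198.51.100.10
! access-list 110 deny udp  any host 198.51.100.10
!
! Single entry: the "ip" keyword matches every IP protocol
! (ICMP, TCP, UDP, GRE, EIGRP, OSPF and the rest).
access-list 110 deny ip any host 198.51.100.10
!
! Every ACL ends with an implicit "deny ip any any", so traffic to all
! other destinations must be permitted explicitly or it is dropped too.
access-list 110 permit ip any any
!
! Apply inbound on the interface closest to the sources, so packets are
! dropped before the router forwards them any further.
interface GigabitEthernet0/0
 ip access-group 110 in
!
! Check the per-entry match counters after sending test traffic:
! show access-lists 110
```

Entries are evaluated top-down and the first match wins, so the deny line has to sit above the `permit ip any any` line.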
 