To define a numbered standard access control list that permits the 192.168.1.0 network and denies and logs the 192.168.2.0 network:
access-list 10 permit 192.168.1.0 0.0.0.255
access-list 10 deny 192.168.2.0 0.0.0.255 log
The access control list is then applied to the interface:
interface GigabitEthernet0/0
 ip access-group 10 in
Note that a standard access control list number needs to be in the range 1-99 or 1300-1999.
To include all networks, use the ‘any’ keyword:
access-list 10 permit any
You can limit an access-list entry to a single IP address with the ‘host’ keyword:
access-list 10 deny host 192.168.1.100
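The following Python sketch is an added example, not part of the original post or Cisco code: it models how the entries above are matched, using wildcard-mask comparison, first-match-wins ordering and the implicit deny at the end of every list. Combining the page's entries into one list, and the names `parse_entry`, `evaluate`, `PAGE_ORDER` and `HOST_FIRST`, are assumptions made for illustration; the model covers packet evaluation only, not any checks a device performs when entries are configured.

```python
import ipaddress

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def parse_entry(line):
    """Parse 'access-list N permit|deny SOURCE [log]' -> (action, addr, wildcard, log)."""
    tok = line.split()
    if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        raise ValueError(f"not a standard ACL entry: {line!r}")
    action, src = tok[2], tok[3:]
    log = src[-1] == "log"
    if log:
        src = src[:-1]
    if src == ["any"]:                        # 'any': every bit is "don't care"
        addr, wild = 0, 0xFFFFFFFF
    elif len(src) == 2 and src[0] == "host":  # 'host': every bit must match
        addr, wild = to_int(src[1]), 0
    elif len(src) == 2:                       # address followed by wildcard mask
        addr, wild = to_int(src[0]), to_int(src[1])
    else:
        raise ValueError(f"unsupported source in: {line!r}")
    return action, addr, wild, log

def evaluate(acl_lines, source_ip):
    """First matching entry wins; no match falls through to the implicit deny."""
    ip = to_int(source_ip)
    for line in acl_lines:
        action, addr, wild, log = parse_entry(line)
        care = ~wild & 0xFFFFFFFF             # wildcard 0-bits are the bits compared
        if ip & care == addr & care:
            return action, log, line
    return "deny", False, "implicit deny"

# Constructed input: the page's entries combined into one list, in page order.
PAGE_ORDER = [
    "access-list 10 permit 192.168.1.0 0.0.0.255",
    "access-list 10 deny 192.168.2.0 0.0.0.255 log",
    "access-list 10 deny host 192.168.1.100",
]
# Same entries with the host deny moved ahead of the broader permit.
HOST_FIRST = [PAGE_ORDER[2], PAGE_ORDER[0], PAGE_ORDER[1]]

if __name__ == "__main__":
    for name, acl in (("page order", PAGE_ORDER), ("host first", HOST_FIRST)):
        for ip in ("192.168.1.100", "192.168.1.7", "192.168.2.9", "10.0.0.5"):
            print(name, ip, evaluate(acl, ip)[:2])
```

In page order the host deny is shadowed by the broader permit for 192.168.1.0, so 192.168.1.100 is still permitted; it is only denied when the host entry is evaluated first. A source outside both networks, such as 10.0.0.5, matches nothing and is dropped by the implicit deny without being logged.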