Using Cisco Access Control List to block a subnet


I have the following Class B network that I’m trying to create an access list for. I’d like to allow but deny all else, so I’m looking for the best way to accomplish this with 2 ACL lines.


The best way to accomplish the above is to explicitly allow the subnet you want and then deny the whole Class B network, as follows:

access-list 110 permit ip
access-list 110 deny ip

Another option, with just one ACL entry, is to permit only the subnet and that's it. No other ACL entries are needed, since there is an implicit deny at the end of the access list.
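The following is an added example, not part of the original post: a small Python model of first-match ACL evaluation with Cisco wildcard masks, comparing the two-line and one-line variants and showing why line order matters. The addresses (Class B 172.16.0.0/16, permitted subnet 172.16.10.0/24, destination 192.0.2.10) and all function names are constructed for illustration.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard match: bits that are 0 in the wildcard must be equal."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def evaluate(acl, src, dst):
    """Return (action, matched_line). First match wins, else implicit deny."""
    for n, (action, s_base, s_wild, d_base, d_wild) in enumerate(acl, 1):
        if wildcard_match(src, s_base, s_wild) and wildcard_match(dst, d_base, d_wild):
            return action, n
    return "deny", None  # implicit deny at the end of the access list

ANY = ("0.0.0.0", "255.255.255.255")  # equivalent of the "any" keyword

# Constructed addresses: permit one /24, then deny the rest of the Class B.
TWO_LINE = [
    ("permit", "172.16.10.0", "0.0.0.255", *ANY),
    ("deny", "172.16.0.0", "0.0.255.255", *ANY),
]
ONE_LINE = TWO_LINE[:1]   # permit only; everything else hits the implicit deny
REVERSED = TWO_LINE[::-1]  # wrong order: the broad deny shadows the permit

# Constructed sources: inside the subnet, elsewhere in the Class B, outside it.
SAMPLES = ["172.16.10.25", "172.16.20.5", "10.1.1.1"]

def compare(dst="192.0.2.10"):
    """Map each sample source to its (two-line, one-line) verdicts."""
    return {s: (evaluate(TWO_LINE, s, dst), evaluate(ONE_LINE, s, dst)) for s in SAMPLES}

if __name__ == "__main__":
    for src, (two, one) in compare().items():
        print(f"{src:15} two-line={two} one-line={one}")
    print("reversed order:", evaluate(REVERSED, "172.16.10.25", "192.0.2.10"))
```

Both variants reach the same permit/deny decision for every source; the explicit deny line only changes which entry matches, which on a router means the denied Class B traffic shows up in that entry's hit counter instead of falling through silently.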
