Yep, now that access list will have to be applied to an interface to actually work. You also have to put a global permit, as the
default action at the end of an access list is "deny ip any any".
You could also use an extended access list like:
ip access-list extended host-block
 deny ip host 192.168.4.3 192.168.1.0 0.0.0.255
 permit ip any any
 exit
By using extended access lists you can use meaningful names. You can also put remarks within the access list like:
ip access-list extended host-block
 remark -- This access list keeps the 4.3 computer from the 2.0 network
 remark -- block the host here
 deny ip host 192.168.4.3 192.168.1.0 0.0.0.255
 remark -- allow all other traffic
 permit ip any any
 exit
Using the remarks makes things more clear and reminds you and anyone else maintaining the router what things are there. IMHO
Dennis
Darren wrote:
> Hi everyone.
>
> I am a student and have an access list question
>
> Is this the correct way to configure a router if I wanted to prevent a host
> computer with IP 192.168.4.3 from accessing the 192.168.1.0 subnet? Based on
> a Cisco 2600.
>
> access-list 101 deny ip 192.168.4.3 0.0.0.0 192.168.1.0 0.0.0.255
>
>
>
> Thx
> Darren
>
>
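
Added example (not part of either post): a small Python model of first-match ACL evaluation with wildcard masks, run against the numbered list from the question and the named list from the reply, to show what the implicit deny does when no permit follows. It only understands `deny|permit ip` entries, and the other test addresses (192.168.4.9, 192.168.1.10, 192.168.2.10) are constructed.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def matches(addr, base, wildcard):
    # Wildcard bits set to 1 are "don't care"; only the 0 bits must match.
    care = ~ip(wildcard) & 0xFFFFFFFF
    return (ip(addr) & care) == (ip(base) & care)

def parse_side(tokens):
    """Consume one source/destination spec: any | host A | A WILDCARD."""
    if tokens[0] == "any":
        return ("0.0.0.0", "255.255.255.255"), tokens[1:]
    if tokens[0] == "host":
        return (tokens[1], "0.0.0.0"), tokens[2:]
    return (tokens[0], tokens[1]), tokens[2:]

def parse_acl(text):
    """Keep 'deny|permit ip <src> <dst>' entries; remarks and headers are skipped."""
    entries = []
    for line in text.splitlines():
        tokens = line.split()
        if tokens[:1] == ["access-list"]:      # numbered form: drop "access-list N"
            tokens = tokens[2:]
        if len(tokens) < 4 or tokens[0] not in ("deny", "permit") or tokens[1] != "ip":
            continue
        src, rest = parse_side(tokens[2:])
        dst, _ = parse_side(rest)
        entries.append((tokens[0], src, dst))
    return entries

def evaluate(entries, src, dst):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, s, d in entries:
        if matches(src, *s) and matches(dst, *d):
            return action
    return "deny"                              # implicit "deny ip any any"

QUESTION_ACL = "access-list 101 deny ip 192.168.4.3 0.0.0.0 192.168.1.0 0.0.0.255"
REPLY_ACL = """ip access-list extended host-block
 remark -- block the host here
 deny ip host 192.168.4.3 192.168.1.0 0.0.0.255
 remark -- allow all other traffic
 permit ip any any"""

if __name__ == "__main__":
    for name, acl in (("question", QUESTION_ACL), ("reply", REPLY_ACL)):
        for src in ("192.168.4.3", "192.168.4.9"):   # constructed test sources
            print(name, src, evaluate(parse_acl(acl), src, "192.168.1.10"))
```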