Thursday, June 28, 2018

Access list question

I need to block traffic from the following subnets on my network:

* 172.30.201.0
* 172.30.203.0
* 172.30.204.0
* 172.30.205.0
* 172.30.206.0
* 172.30.207.0
* 172.30.209.0
* 172.30.210.0

On my core layer 3 switch (to which the above 8 subnets are directly connected through a layer 2 network with my ISP), the access list is as follows:

    access-list 10 remark Allow VTY Access
    access-list 10 permit xxx.xxx.xxx.2
    access-list 10 permit xxx.xxx.xxx.18
    access-list 10 permit 207.xxx.xxx.0 0.0.0.255
    access-list 10 permit 172.30.0.0 0.0.255.255
    access-list 10 permit 172.20.20.0 0.0.0.255

Do I just add a deny statement to the 8 subnets I need to block AFTER or BEFORE my permit 172.30.0.0 statement?

OR should I do a deny host for say 172.30.201.1?

Or maybe there's a better way to block traffic coming from those subnets?
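The ordering question above comes down to how a Cisco standard ACL is evaluated: entries are checked top to bottom, the first matching entry decides, and anything that matches nothing is denied. The following script is an added example, not part of the original post, that simulates that evaluation over the ACL from the question and shows the effect of each placement. It assumes the eight subnets are /24s (wildcard 0.0.0.255), since the post lists network addresses without masks, and it omits the two permit entries whose addresses are masked as xxx in the post, because they do not change which 172.30.x.0 entry matches first.

```python
"""Simulate Cisco standard ACL evaluation (first match wins, implicit deny at
the end) to show where the deny entries from the question have to go.

Added example, not from the original post. Assumptions: the eight subnets
are /24s (wildcard 0.0.0.255); the xxx-masked permit entries are left out.
"""
import ipaddress
from typing import List, Optional, Tuple

Ace = Tuple[str, int, int]  # (action, network as int, wildcard as int)


def parse_ace(line: str) -> Optional[Ace]:
    """Parse one 'access-list N ...' line.

    Handles the standard-ACL forms 'permit A.B.C.D', 'permit host A.B.C.D',
    'permit A.B.C.D W.X.Y.Z' and 'permit any' (same for deny).
    Remark lines carry no match logic and return None.
    """
    parts = line.split()
    if len(parts) < 4 or parts[0] != "access-list":
        raise ValueError(f"not a standard ACL line: {line!r}")
    if parts[2] == "remark":
        return None
    action, rest = parts[2], parts[3:]
    if action not in ("permit", "deny"):
        raise ValueError(f"unknown action in {line!r}")
    if rest[0] == "any":
        addr, wc = "0.0.0.0", "255.255.255.255"
    elif rest[0] == "host":
        addr, wc = rest[1], "0.0.0.0"
    elif len(rest) == 1:  # a bare address is the same as 'host'
        addr, wc = rest[0], "0.0.0.0"
    else:
        addr, wc = rest[0], rest[1]
    return (action, int(ipaddress.IPv4Address(addr)), int(ipaddress.IPv4Address(wc)))


def ace_matches(ace: Ace, src: str) -> bool:
    """Cisco wildcard semantics: a 1 bit in the wildcard means 'don't care'."""
    _, network, wildcard = ace
    care = ~wildcard & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(src)) & care) == (network & care)


def evaluate(acl: List[str], src: str) -> str:
    """Return 'permit' or 'deny' for src: first match wins, implicit deny."""
    for line in acl:
        ace = parse_ace(line)
        if ace is not None and ace_matches(ace, src):
            return ace[0]
    return "deny"


REMARK = ["access-list 10 remark Allow VTY Access"]
BLOCKED_SUBNETS = ["172.30.201.0", "172.30.203.0", "172.30.204.0", "172.30.205.0",
                   "172.30.206.0", "172.30.207.0", "172.30.209.0", "172.30.210.0"]
DENY_LINES = [f"access-list 10 deny {net} 0.0.0.255" for net in BLOCKED_SUBNETS]
PERMIT_LINES = ["access-list 10 permit 172.30.0.0 0.0.255.255",
                "access-list 10 permit 172.20.20.0 0.0.0.255"]

# Denies appended AFTER the broad permit: the permit matches first, so the
# deny entries are never reached and the eight subnets stay allowed.
DENY_AFTER = REMARK + PERMIT_LINES + DENY_LINES

# Denies placed BEFORE the broad permit: the specific deny matches first.
DENY_BEFORE = REMARK + DENY_LINES + PERMIT_LINES

# 'deny host 172.30.201.1' stops only that one address, not the /24.
DENY_HOST_ONLY = REMARK + ["access-list 10 deny host 172.30.201.1"] + PERMIT_LINES

# Aggregated form (goes beyond the post): 204-207 share the top six bits of the
# third octet (204 = 11001100, 207 = 11001111), so wildcard 0.0.3.255 covers
# all four in one entry. 209 and 210 straddle a bit boundary and stay separate.
DENY_AGGREGATED = REMARK + [
    "access-list 10 deny 172.30.201.0 0.0.0.255",
    "access-list 10 deny 172.30.203.0 0.0.0.255",
    "access-list 10 deny 172.30.204.0 0.0.3.255",
    "access-list 10 deny 172.30.209.0 0.0.0.255",
    "access-list 10 deny 172.30.210.0 0.0.0.255",
] + PERMIT_LINES


def compare(src: str) -> dict:
    """Decision for one source address under each ACL layout."""
    return {name: evaluate(acl, src) for name, acl in (
        ("deny_after", DENY_AFTER), ("deny_before", DENY_BEFORE),
        ("deny_host_only", DENY_HOST_ONLY), ("deny_aggregated", DENY_AGGREGATED))}


if __name__ == "__main__":
    for src in ("172.30.201.5", "172.30.201.1", "172.30.205.9", "172.30.202.9", "10.0.0.1"):
        print(src, compare(src))
```

Two things the simulation does not cover but which matter in practice. First, on IOS a numbered standard ACL is built in the order the lines are entered, so to put the denies above the existing permit you either remove and re-enter the list or edit it as `ip access-list standard 10` with sequence numbers on releases that support them. Second, the remark says "Allow VTY Access": an ACL applied with `access-class` on the vty lines only filters management sessions to the switch itself. Blocking traffic that transits the switch from those subnets needs an ACL applied with `ip access-group` on the relevant interface or SVI, where the same first-match ordering applies.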


