
Second Example

Filtering Traffic Between the 10.1.1.0 and 10.1.2.0 Subnets

Traffic can be filtered to a specific host address or to an entire subnet. In this example, all traffic between the two subnets is filtered.

The example assumes that both networks use a 24-bit (Class C style) subnet mask, 255.255.255.0, which corresponds to an access-list wildcard of 0.0.0.255.

Because an access rule matches packets in one direction only (from its source address to its destination address), filtering all traffic between the two subnets requires two access rules: one for packets from 10.1.2.0 to 10.1.1.0, and one for packets from 10.1.1.0 to 10.1.2.0.

To create the Extended Access list and rules:

  1. In the navigation pane, expand the Routing > IP > Configuration folders, and then click Access Lists.
  2. The IP Access List Web page is displayed in the content pane. See Figure 134.
  3. Select Create Extended. The IP Extended Access Rule Creation Web page is displayed. See Figure 136.
  4. In the Access List Name field, enter an identifier for the new access control list: either a number between 100 and 199 (the extended ACL range) or an alphanumeric name.
  5. In the Access Rule Index field, enter a number to identify the access rule. Rules are evaluated in ascending index order.
  6. Select Deny/Filter in the Access Type field.
  7. In the Source Address fields, enter the source address (10.1.2.0) and the source address wildcard (0.0.0.255).
  8. In the Dest Address fields, enter the destination address (10.1.1.0) and the destination address wildcard (0.0.0.255).
  9. Click CREATE to save your changes, or CANCEL to restore the previous settings. Then repeat steps 3 through 9 for the reverse direction, using 10.1.1.0 / 0.0.0.255 as the source and 10.1.2.0 / 0.0.0.255 as the destination. Once both access rules exist, all traffic between subnets 10.1.1.0 and 10.1.2.0 is denied/filtered.

Note: Traffic between any other 10.1.x.0 subnets is not filtered, because the access rules only deny/filter traffic between subnets 10.1.1.0 and 10.1.2.0. A packet from 10.1.3.0 to 10.1.1.0, for example, matches neither rule.

To deny/filter traffic to a specific address rather than to an entire subnet, specify the IP address of the network node as the destination address and use a wildcard of 0.0.0.0, so that every bit of the destination address must match.

To deny/filter all traffic, specify a destination address of 0.0.0.0 with a wildcard of 255.255.255.255 (and the same for the source address if the rule is to match every packet). This is useful when you want to filter all traffic except traffic that matched an earlier rule. Do not make this catch-all the first rule: ACL rules are evaluated from the top down and processing stops at the first match, so a catch-all rule placed first shadows every rule after it and those rules never take effect.
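The following is an added example, not code from the router or its documentation. It models the wildcard-mask matching and top-down, first-match rule evaluation described in the procedure above, in plain Python, and uses it to check the three cases discussed: the two-rule subnet filter, a single-host rule with a 0.0.0.0 wildcard, and a catch-all rule placed before and after a more specific permit. The host address 10.1.1.20, the rule sets, and the `default` argument (what happens when no rule matches, which the page does not specify) are assumptions for illustration. The `shadowed_rules` check is the practitioner's test for the ordering mistake the last paragraph warns about: it reports any rule that an earlier rule fully covers and that can therefore never fire.

```python
# Added example: a minimal evaluator for extended-ACL rules with wildcard
# masks, illustrating the subnet-pair, single-host and catch-all rules from
# the text under top-down, first-match processing. Not the router's own code.
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import List, Optional, Tuple


def _to_int(dotted: str) -> int:
    return int(IPv4Address(dotted))


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """True if addr matches base under the wildcard.

    A wildcard bit of 1 means "don't care"; a 0 bit must equal base.
    So 0.0.0.0 matches exactly one host, 0.0.0.255 matches a /24,
    and 255.255.255.255 matches any address.
    """
    care = ~_to_int(wildcard) & 0xFFFFFFFF
    return (_to_int(addr) & care) == (_to_int(base) & care)


@dataclass(frozen=True)
class Rule:
    index: int      # Access Rule Index; rules are evaluated in ascending order
    action: str     # "deny" (Deny/Filter) or "permit"
    src: str
    src_wild: str
    dst: str
    dst_wild: str

    def matches(self, src: str, dst: str) -> bool:
        return (wildcard_match(src, self.src, self.src_wild)
                and wildcard_match(dst, self.dst, self.dst_wild))


def evaluate(rules: List[Rule], src: str, dst: str,
             default: str = "permit") -> Tuple[str, Optional[int]]:
    """Return (action, rule index) for the first rule matching src -> dst.

    `default` applies when nothing matches. The page does not state the
    platform's end-of-list behaviour, so it is a parameter (assumption).
    """
    for rule in sorted(rules, key=lambda r: r.index):
        if rule.matches(src, dst):
            return rule.action, rule.index
    return default, None


def covers(wide: Rule, narrow: Rule) -> bool:
    """True if every packet matched by `narrow` is also matched by `wide`."""
    def _covers(wide_base, wide_wild, narrow_base, narrow_wild):
        ww, nw = _to_int(wide_wild), _to_int(narrow_wild)
        if ww | nw != ww:          # narrow is free on a bit where wide is fixed
            return False
        care = ~ww & 0xFFFFFFFF    # wide's fixed bits must agree
        return (_to_int(wide_base) & care) == (_to_int(narrow_base) & care)
    return (_covers(wide.src, wide.src_wild, narrow.src, narrow.src_wild)
            and _covers(wide.dst, wide.dst_wild, narrow.dst, narrow.dst_wild))


def shadowed_rules(rules: List[Rule]) -> List[int]:
    """Indices of rules that can never fire because an earlier rule covers them."""
    ordered = sorted(rules, key=lambda r: r.index)
    return [later.index for i, later in enumerate(ordered)
            if any(covers(earlier, later) for earlier in ordered[:i])]


# Constructed rule sets mirroring the page's scenarios (not from the page).
ANY, ANY_WILD = "0.0.0.0", "255.255.255.255"

# Two rules, one per direction, as in the procedure above.
SUBNET_PAIR = [
    Rule(1, "deny", "10.1.2.0", "0.0.0.255", "10.1.1.0", "0.0.0.255"),
    Rule(2, "deny", "10.1.1.0", "0.0.0.255", "10.1.2.0", "0.0.0.255"),
]
# Single host: destination wildcard 0.0.0.0 (host 10.1.1.20 is assumed).
HOST_ONLY = [Rule(1, "deny", "10.1.2.0", "0.0.0.255", "10.1.1.20", "0.0.0.0")]
# Permit one host, then deny everything else: the correct order...
PERMIT_THEN_DENY_ALL = [
    Rule(1, "permit", "10.1.2.0", "0.0.0.255", "10.1.1.20", "0.0.0.0"),
    Rule(2, "deny", ANY, ANY_WILD, ANY, ANY_WILD),
]
# ...and the mistake the page warns about: the catch-all placed first.
DENY_ALL_FIRST = [
    Rule(1, "deny", ANY, ANY_WILD, ANY, ANY_WILD),
    Rule(2, "permit", "10.1.2.0", "0.0.0.255", "10.1.1.20", "0.0.0.0"),
]

if __name__ == "__main__":
    for name, rules in [("subnet pair", SUBNET_PAIR), ("host only", HOST_ONLY),
                        ("permit then deny-all", PERMIT_THEN_DENY_ALL),
                        ("deny-all first", DENY_ALL_FIRST)]:
        print(f"{name:22s} 10.1.2.5->10.1.1.20: {evaluate(rules, '10.1.2.5', '10.1.1.20')}"
              f"  10.1.2.5->10.1.1.21: {evaluate(rules, '10.1.2.5', '10.1.1.21')}"
              f"  shadowed: {shadowed_rules(rules)}")
```

Running the script shows that the subnet pair denies both directions but leaves 10.1.3.0 traffic alone, that the host rule matches only 10.1.1.20, and that with the catch-all first the permit rule is reported as shadowed and never matches anything.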

