How do I block access to specific ip range in Cisco Router

Alex_Calcan
Alex_Calcan used Ask the Experts™
on
I need to block access from 192.168.2.1-255 to 192.168.1.1-255 and vice versa on a cisco C2600 (C2600-ENTBASE-M), Version 12.4(5).

I managed to get something working but I when pinging, i get a message that I don't want
Communication prohibited by filter

I do however want to get this message instead, as if the host does not even exist
Request timeout for icmp_seq 1

interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/1.5
 encapsulation dot1Q 5 native
 ip address 192.168.2.254 255.255.255.0
 ip access-group 100 in
 ip nat inside
 no snmp trap link-status
!
interface FastEthernet0/1.6
 encapsulation dot1Q 6
 ip address 192.168.1.1 255.255.255.0
 ip access-group 101 in
 ip nat inside
 no snmp trap link-status
!

...

!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 192.168.2.0 0.0.0.255
!
access-list 100 remark ACL For LAN Network
access-list 100 deny   ip any 192.168.1.0 0.0.0.255
access-list 100 permit ip any any
!
access-list 101 remark ACL For GUEST Network
access-list 101 deny   ip any 192.168.2.0 0.0.0.255
access-list 101 permit ip any any
!

Open in new window

Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Senior infrastructure engineer
Top Expert 2012
Commented:
You could try to set: no ip unreachables on the interface.

Author

Commented:
Thank you!

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial