• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 590
  • Last Modified:

How do I block access to specific ip range in Cisco Router

I need to block access from 192.168.2.1-255 to 192.168.1.1-255 and vice versa on a cisco C2600 (C2600-ENTBASE-M), Version 12.4(5).

I managed to get something working but I when pinging, i get a message that I don't want
Communication prohibited by filter

I do however want to get this message instead, as if the host does not even exist
Request timeout for icmp_seq 1

interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/1.5
 encapsulation dot1Q 5 native
 ip address 192.168.2.254 255.255.255.0
 ip access-group 100 in
 ip nat inside
 no snmp trap link-status
!
interface FastEthernet0/1.6
 encapsulation dot1Q 6
 ip address 192.168.1.1 255.255.255.0
 ip access-group 101 in
 ip nat inside
 no snmp trap link-status
!

...

!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 192.168.2.0 0.0.0.255
!
access-list 100 remark ACL For LAN Network
access-list 100 deny   ip any 192.168.1.0 0.0.0.255
access-list 100 permit ip any any
!
access-list 101 remark ACL For GUEST Network
access-list 101 deny   ip any 192.168.2.0 0.0.0.255
access-list 101 permit ip any any
!

Open in new window

0
Alex_Calcan
Asked:
Alex_Calcan
1 Solution
 
Ernie BeekExpertCommented:
You could try to set: no ip unreachables on the interface.
0
 
Alex_CalcanAuthor Commented:
Thank you!
0

Featured Post

Learn to develop an Android App

Want to increase your earning potential in 2018? Pad your resume with app building experience. Learn how with this hands-on course.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now