This small example explains the use of access-list with two Cisco 2811 routers that are connected to each other, both on FastEthernet0/0.
The partial config of router0:
interface FastEthernet0/0
ip address 10.0.0.1 255.255.255.0
The partial config of router1:
interface FastEthernet0/0
ip address 10.0.0.2 255.255.255.0
!
[config…]
!
access-list 10 deny host 10.0.0.1
Note that the command access-list 10 deny host 10.0.0.1 is already present in the config of router1, but it is not yet applied to an interface.
The result of a ping from router0 to router1 is:
router0#ping 10.0.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/1 ms
The success rate is 100 percent: the access list is defined, but it does not filter anything yet.
Next, the following configuration change is made on router1:
interface FastEthernet0/0
ip address 10.0.0.2 255.255.255.0
ip access-group 10 in
!
[config…]
!
access-list 10 deny host 10.0.0.1
!
The command ip access-group 10 in has been added to interface FastEthernet0/0. The result of a ping from router0 to router1 is now:
router0#ping 10.0.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.2, timeout is 2 seconds:
UUUUU
Success rate is 0 percent (0/5)
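router0 can no longer ping router1: access list 10 is now applied to traffic coming in on FastEthernet0/0 of router1 and denies packets from host 10.0.0.1.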
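The before and after behaviour above, modelled as an added Python example (not part of the original page and not Cisco code): a numbered standard access list is checked top-down, the first matching entry decides, and it filters only once it is bound to an interface with ip access-group. It also includes the implicit deny that ends every IOS access list, so with the single deny entry an assumed third host 10.0.0.3 is dropped as well. The function names, the host 10.0.0.3 and the reduced config strings are assumptions made for the example.

```python
from ipaddress import IPv4Address as IP

# router1 config reduced from the page; ACL_ONLY is the state before the change
ACL_ONLY = """interface FastEthernet0/0
 ip address 10.0.0.2 255.255.255.0
!
access-list 10 deny host 10.0.0.1
"""
APPLIED = ACL_ONLY.replace("255.255.255.0\n", "255.255.255.0\n ip access-group 10 in\n")

def parse_standard_acl(config, number):
    """Return (action, address, wildcard) entries of one numbered standard ACL."""
    entries = []
    for words in (line.split() for line in config.splitlines()):
        if words[:2] != ["access-list", str(number)] or len(words) < 4:
            continue
        action, spec = words[2], words[3:]
        if spec[0] == "host":        # host A.B.C.D is wildcard 0.0.0.0
            addr, wildcard = spec[1], "0.0.0.0"
        elif spec[0] == "any":       # any is 0.0.0.0 255.255.255.255
            addr, wildcard = "0.0.0.0", "255.255.255.255"
        else:                        # A.B.C.D [wildcard]
            addr, wildcard = spec[0], (spec[1:] or ["0.0.0.0"])[0]
        entries.append((action, int(IP(addr)), int(IP(wildcard))))
    return entries

def inbound_acl(config, interface):
    """Return the ACL number bound inbound to the interface, or None."""
    current = None
    for words in (line.split() for line in config.splitlines()):
        if words[:1] == ["interface"] and len(words) == 2:
            current = words[1]
        # matches exactly "ip access-group <number> in" under the interface
        elif current == interface and words[:2] + words[3:] == ["ip", "access-group", "in"]:
            return int(words[2])
    return None

def accepts(config, interface, source_ip):
    """True if a packet from source_ip is accepted inbound on the interface."""
    number = inbound_acl(config, interface)
    if number is None:
        return True                  # ACL defined but not applied: nothing filtered
    src = int(IP(source_ip))
    for action, addr, wildcard in parse_standard_acl(config, number):
        care = ~wildcard & 0xFFFFFFFF    # wildcard bit 0 means "must match"
        if src & care == addr & care:
            return action == "permit"    # first matching entry decides
    return False                     # implicit deny ends every access list
```

Appending access-list 10 permit any to the applied config makes accepts return True for 10.0.0.3 while 10.0.0.1 stays blocked.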