I've searched the internet and usenet, including this forum but I haven't quite been able to answer my question.
We have a computer on our network which we have to get shut down from sending or receiving data to/from the WAN. What we really wanted to do was to block the MAC address, but I haven't been able to determine if that is really possible, so I'm trying to figure out how to just block its IP address.
Our current rules use ACLs:
    ip access-group 101 in
    ip access-group 102 out
Since I wanted to disable this IP address completely without regard for port or anything else, I tried adding an ACL 10 and 11:
    ip access-group 10 in
    ip access-group 11 out
    acc 10 deny a.b.c.d 0.0.0.0
After adding the first access-list it blocked the whole network, instead of just that one IP address. I thought maybe I had the mask backwards...
    no acc 10
    acc 10 deny a.b.c.d 255.255.255.255
I got the same result... shut down the entire network. Our network actually has a subnet mask of 255.255.255.128, so I tried changing the acc-list command to a.b.c.d 255.255.255.128 or 0.0.0.127, and both of those also shut down the entire network instead of blocking the single IP address.
Can anybody tell me what I'm doing wrong? Perhaps I need to do something like
    acc 10 deny a.b.c.d 0.0.0.0
    acc 10 accept all all
but I was afraid that if I did that, the all/all would trump all of the access list 101 and 102 commands... and I definitely don't want to do that.
Any advice or tips would be appreciated, IOS is really confusing when you haven't had any experience with it.
-Jeff
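
An added example, not part of the original post: a small Python model of how IOS evaluates a standard access list (wildcard match, first match wins, implicit deny at the end), showing why each attempt above blocked every host and what a trailing permit changes. The addresses are constructed stand-ins for a.b.c.d and for a neighbour in the same 255.255.255.128 subnet.

```python
import ipaddress

# Constructed stand-ins (RFC 5737 range) for the post's a.b.c.d and for
# another host in the same 255.255.255.128 subnet.
BLOCKED = "192.0.2.10"
NEIGHBOUR = "192.0.2.20"

def matches(src, addr, wildcard):
    """IOS wildcard match: 0 bits must be equal, 1 bits are ignored."""
    s, a, w = (int(ipaddress.IPv4Address(x)) for x in (src, addr, wildcard))
    care = ~w & 0xFFFFFFFF
    return (s & care) == (a & care)

def evaluate(acl, src):
    """Entries are checked top down and the first match decides."""
    for action, addr, wildcard in acl:
        if matches(src, addr, wildcard):
            return action
    return "deny"  # implicit "deny any" that ends every IOS access list

def verdicts(acl):
    return {host: evaluate(acl, host) for host in (BLOCKED, NEIGHBOUR)}

ATTEMPTS = {
    "deny a.b.c.d 0.0.0.0": [("deny", BLOCKED, "0.0.0.0")],
    "deny a.b.c.d 255.255.255.255": [("deny", BLOCKED, "255.255.255.255")],
    "deny a.b.c.d 0.0.0.127": [("deny", BLOCKED, "0.0.0.127")],
    # "permit any" is shorthand for permit 0.0.0.0 255.255.255.255
    "deny a.b.c.d 0.0.0.0 + permit any": [
        ("deny", BLOCKED, "0.0.0.0"),
        ("permit", "0.0.0.0", "255.255.255.255"),
    ],
}

if __name__ == "__main__":
    for name, acl in ATTEMPTS.items():
        print(f"{name:36} {verdicts(acl)}")
```

IOS accepts one IP access list per interface per direction, so `ip access-group 10 in` replaces `ip access-group 101 in` on that interface rather than stacking with it.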