At 06:16 AM 9/23/97 -0700, you wrote:
! Loopback
access-list 100 deny ip 127.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255
! RFC 1918 private blocks
access-list 100 deny ip 10.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255
access-list 100 deny ip 172.16.0.0 0.15.255.255 255.240.0.0 0.15.255.255
access-list 100 deny ip 192.168.0.0 0.0.255.255 255.255.0.0 0.0.255.255
! Test Network
access-list 100 deny ip 192.0.2.0 0.0.0.255 255.255.255.0 0.0.0.255
! Tiny networks.
access-list 100 deny ip any 255.255.255.128 0.0.0.127
access-list 100 permit ip any any

I think you'll find that your router's CPU will be happier if you just dump the 1918 networks to the bit bucket on your border routers with a static route via interface Null0:

ip route 10.0.0.0 255.0.0.0 null0
ip route 127.0.0.0 255.0.0.0 null0
etc.

Considering resource utilization on the router, it is cheaper to do a routing table look-up than it is to do ACLs. Also, when you're doing outbound filtering on the router, you have to do a routing table lookup first before you can do outbound filtering. Save a step and just do the routing table lookup.

Randy
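
An added example, not part of the original message: a Python sketch that turns the deny entries of the quoted list into the Null0 static routes the reply suggests, and reports entries that have no static-route equivalent. It assumes the list is a route filter, where the first address/wildcard pair matches the prefix and the second matches the netmask; the function names are hypothetical.

```python
import ipaddress

# The quoted list from the message, one statement per line (comments dropped).
ACL = """\
access-list 100 deny ip 127.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255
access-list 100 deny ip 10.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255
access-list 100 deny ip 172.16.0.0 0.15.255.255 255.240.0.0 0.15.255.255
access-list 100 deny ip 192.168.0.0 0.0.255.255 255.255.0.0 0.0.255.255
access-list 100 deny ip 192.0.2.0 0.0.0.255 255.255.255.0 0.0.0.255
access-list 100 deny ip any 255.255.255.128 0.0.0.127
access-list 100 permit ip any any
"""

def take_spec(tokens):
    """Pop 'any' or 'address wildcard' off the front; return (address, wildcard)."""
    if tokens[0] == "any":
        del tokens[0]
        return "0.0.0.0", "255.255.255.255"
    spec = (tokens[0], tokens[1])
    del tokens[:2]
    return spec

def null_routes(acl_text):
    """Return (routes, skipped) for the deny entries of a route-filter ACL."""
    routes, skipped = [], []
    for line in acl_text.splitlines():
        tokens = line.split()
        if len(tokens) < 5 or tokens[0] != "access-list" or tokens[2] != "deny":
            continue
        rest = tokens[4:]
        net_addr, net_wild = take_spec(rest)
        mask_addr, _mask_wild = take_spec(rest)
        try:
            # Raises ValueError on host bits set or a non-contiguous mask.
            net = ipaddress.ip_network(f"{net_addr}/{mask_addr}")
        except ValueError:
            skipped.append(line.strip())
            continue
        # One fixed prefix only if the address wildcard is exactly the
        # host part of the mask; "any" with a mask is a length filter.
        if net.hostmask == ipaddress.IPv4Address(net_wild):
            routes.append(f"ip route {net.network_address} {net.netmask} Null0")
        else:
            skipped.append(line.strip())
    return routes, skipped

if __name__ == "__main__":
    routes, skipped = null_routes(ACL)
    print("\n".join(routes))
    for line in skipped:
        print("! no static-route equivalent:", line)
```

A Null0 static discards packets by destination address, so the "Tiny networks" entry, which matches on prefix length rather than on one prefix, is reported as skipped and still needs the filter.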