10.5 Using an Alternative to Access Lists
10.5.2 Null interface command
Use the ip route command to establish static routes and to specify the null interface (always null 0), as follows:

ip route address mask null 0

Figure - shows the ip route 201.222.5.0 255.255.255.0 and null 0 command.

Note that this mask is a subnet mask with the ones on the left, and not an access-list wildcard mask with the ones on the right.

The static route forwards traffic for network 201.222.5.0 to the null interface, which drops it.

Consider the example shown in Figure .

Valid traffic is allowed through the WAN cloud if it is destined for the subnet where the network management station is located. Traffic to the Class C network 201.222.5.0 is blocked before it enters the WAN cloud. In Figure , access-list processing is avoided on the left router by routing unwanted traffic to the null interface.

You do not wish to have traffic sent to network 201.222.5.0, so you set up a static route to the null interface. The static route will always give you a better path than any routing protocol will find. Then you route the packet to nowhere and drop it.

Lab Activity
  In this lab, you will learn how to deny traffic to a specific network by using a static route to the null 0 interface.