First, upgrade to at least IOS 11.2(4)
Prevent transmission of invalid IP addresses
Let's say your network is 172.16.0.0, and your outbound interface is serial 0/1.
Set up your access list like the following to prevent transmitting any invalid IP addresses:
access-list 111 permit 172.16.0.0 0.0.255.255 any access-list 111 deny ip any any log interface serial 0/1 ip access-group 111 out
Prevent reception of invalid IP addresses
This assumes that you're an ISP or you have that function within your organization. Organizations A and B below are either your customers, or groups within your larger organization. Let's say that:
- Your customer A,B interface is serial 1/0.
- Customer A networks are 192.168.0.0 - 192.168.15.0.
- Customer B networks are 172.18.0.0.
Set up your access list like the following to prevent receiving any invalid IP addresses:
access-list 111 permit ip 192.168.0.0 0.0.15.255 any access-list 111 permit ip 172.18.0.0 0.0.255.255 any access-list 111 deny ip any any log interface serial 1/0 ip access-group 111 in
For more information, see the Cisco site.