Access-list 100 1


12122053

Technical User
Feb 19, 2001
210
US
Why is it that when I create an access-list 100 such as
access-list 100 permit ip any any, it does not work at all? I even apply it to the outbound interface, which is dialer1 (ip access-group out). What am I doing wrong? It works fine when I do a standard access-list 1 permit 192.68.0.0 0.0.0.255. My desire is to use an extended access-list so my LAN can access the internet and other services. Thanks.
 
If you want to use an extended access list, you must be very specific with the ACL number (100-199), deny/permit command, network/subnet address, and protocol being targeted, along with the port number. The standard ACL is just what it says, "standard". It applies to all traffic from a particular network. That is the difference between a standard ACL and an extended ACL. The extended ACL is better in my book, but it requires more configuration details. Here are examples of each:

Standard

access-list 1 deny 10.0.0.0 0.255.255.255
access-list 1 permit any
interface ethernet 0
ip access-group 1 in

This ACL is applied to inbound traffic. The above configuration will deny all traffic from the network 10.0.0.0/8. All other traffic is permitted.

Extended
access-list 100 deny tcp 10.0.0.0 0.255.255.255 any eq 23
access-list 100 permit ip any any
interface ethernet 0
ip access-group 100 in

This ACL is applied to telnet traffic specifically. All other types of traffic can still get through the ACL, such as FTP, DNS, SMTP, finger, etc.

Hope this helps you out.
 
Thanks CiscoDude I'll give it a try.
 
Hey ciscodude, I'm still having a problem. All I want to do is let my 192.68.1.0 network access the internet with an extended access-list. I have a 1604 router with a dialer interface. Do I apply the ip access-group out to the dialer interface? I just need the correct syntax, thanks a lot.
 
Figured it out. Did not change the ip nat list from 1 to 100.
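
The mismatch that resolved this thread (a NAT rule still pointing at list 1 after the ACL became 100) can be caught with a small check over the configuration text. The following is an added example, not code from the thread: the sample config is constructed, it assumes ACL 1 was removed when ACL 100 was created, and `lint_acls` is a hypothetical helper name.

```python
import re

# Constructed sample config (not from the thread): the standard ACL 1 was
# replaced by extended ACL 100, but the NAT rule still points at list 1.
SAMPLE_CONFIG = """\
access-list 100 permit ip 192.68.1.0 0.0.0.255 any
interface Ethernet0
 ip nat inside
interface Dialer1
 ip nat outside
 ip access-group 100 out
ip nat inside source list 1 interface Dialer1 overload
"""

ACL_DEF = re.compile(r"^access-list\s+(\d+)\s+(permit|deny)\s+(.*)$")
ACL_REFS = [
    re.compile(r"^ip access-group\s+(\d+)\s+(?:in|out)$"),
    re.compile(r"^ip nat inside source list\s+(\d+)\b"),
]
PROTOCOLS = {"ip", "tcp", "udp", "icmp"}  # common subset, enough for this check


def lint_acls(config: str) -> list[str]:
    """Return findings for numbered ACLs: bad extended entries and dangling references."""
    defined, findings, refs = set(), [], []
    for raw in config.splitlines():
        line = raw.strip()
        m = ACL_DEF.match(line)
        if m:
            number, rest = int(m.group(1)), m.group(3).split()
            defined.add(number)
            # Extended ACLs (100-199) need a protocol keyword before the source.
            if 100 <= number <= 199 and (not rest or rest[0] not in PROTOCOLS):
                findings.append(f"ACL {number}: extended entry lacks protocol: {line}")
            continue
        for pattern in ACL_REFS:
            m = pattern.match(line)
            if m:
                refs.append((int(m.group(1)), line))
    for number, line in refs:
        if number not in defined:
            findings.append(f"ACL {number} is referenced but not defined: {line}")
    return findings


if __name__ == "__main__":
    for finding in lint_acls(SAMPLE_CONFIG):
        print(finding)
```
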
 