Hello,
I was playing around with the concept of ACLs and came across some issues. Host A and Host B can ping each other with no problems (they are on different subnets). What I did was create a standard ACL named TEST and add a deny to stop host A from pinging host B. This worked fine. When I added several other deny statements as a test and removed my initial deny statement for host A to ping B, I could not ping Host B even though I had removed that specific deny.
So I read and found that all ACLs have a deny any by default. So what I did was write a permit any to counter the deny any, and then add a lower sequence # deny for host A to ping B.
But no matter how low I make that sequence # for the deny statement, I am always able to ping host B.
So in summary,
1. Deny worked initially
2. Added other deny statements, removed the initial deny specific for host A to B, cannot ping B
3. Added permit any, was able to ping Host B
4. Added a lower seq deny for A to ping B, does not work, I am always able to ping host B
Where am I going wrong here?
BTW, I tried doing it the other way round: leaving that deny any and just permitting that specific host A to ping B. That does not work either.
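The four steps in the post, replayed against a small model of how a Cisco IOS-style standard named ACL is evaluated. This is an added example, not code from the original post or from any vendor: it assumes entries are checked in ascending sequence-number order, the first match wins, anything unmatched falls through to the implicit deny any, and (because it is a standard ACL) only the source address is examined. The host addresses, the extra "test" deny entries and the `StandardAcl`/`parse_source`/`walk_through` names are all constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Added example, not from the original post: a minimal model of a Cisco
# IOS-style *standard* named ACL. Assumptions: entries are matched in
# ascending sequence order, first match wins, an unmatched packet hits the
# implicit "deny any", and only the source address is examined.
# The addresses below are constructed for the example.
HOST_A = "10.0.1.10"   # constructed: host A
HOST_B = "10.0.2.20"   # constructed: host B, on a different subnet


def parse_source(spec: str) -> ipaddress.IPv4Network:
    """Turn 'any', 'host X' or 'X WILDCARD' into a network to match against."""
    parts = spec.split()
    if parts == ["any"]:
        return ipaddress.IPv4Network("0.0.0.0/0")
    if parts[0] == "host":
        return ipaddress.IPv4Network(f"{parts[1]}/32")
    addr, wildcard = parts
    # A wildcard mask is an inverted netmask; only contiguous ones map to a
    # prefix, and ipaddress raises ValueError for anything else.
    netmask = (~int(ipaddress.IPv4Address(wildcard))) & 0xFFFFFFFF
    return ipaddress.IPv4Network((addr, str(ipaddress.IPv4Address(netmask))), strict=False)


@dataclass
class Entry:
    seq: int
    action: str                    # "permit" or "deny"
    source: ipaddress.IPv4Network


class StandardAcl:
    def __init__(self, name: str):
        self.name = name
        self.entries: list = []

    def add(self, action: str, source: str, seq: Optional[int] = None) -> int:
        """Add an entry; with no explicit seq, use highest seq + 10 (the IOS default step)."""
        if seq is None:
            seq = max((e.seq for e in self.entries), default=0) + 10
        if any(e.seq == seq for e in self.entries):
            raise ValueError(f"sequence {seq} already in use")
        self.entries.append(Entry(seq, action, parse_source(source)))
        self.entries.sort(key=lambda e: e.seq)
        return seq

    def remove(self, seq: int) -> None:
        self.entries = [e for e in self.entries if e.seq != seq]

    def evaluate(self, src: str, dst: str) -> tuple:
        """Return (action, reason). dst is accepted but ignored: a standard ACL matches source only."""
        src_addr = ipaddress.IPv4Address(src)
        for e in self.entries:          # already sorted by sequence number
            if src_addr in e.source:
                return e.action, f"seq {e.seq} {e.action} {e.source}"
        return "deny", "implicit deny any"


def walk_through() -> dict:
    """Replay the post's four steps plus the reversed variant; returns the A->B verdict after each."""
    results = {}
    acl = StandardAcl("TEST")
    acl.add("deny", f"host {HOST_A}")                  # seq 10
    results["1 deny A"] = acl.evaluate(HOST_A, HOST_B)
    acl.add("deny", "host 10.0.1.11")                  # seq 20, constructed extra host
    acl.add("deny", "host 10.0.1.12")                  # seq 30, constructed extra host
    acl.remove(10)                                     # drop the original deny for A
    results["2 removed deny A"] = acl.evaluate(HOST_A, HOST_B)
    acl.add("permit", "any")                           # seq 40
    results["3 permit any"] = acl.evaluate(HOST_A, HOST_B)
    acl.add("deny", f"host {HOST_A}", seq=5)           # lower than the permit any
    results["4 deny A at seq 5"] = acl.evaluate(HOST_A, HOST_B)
    # "The other way round": rely on the implicit deny, permit only host A.
    other = StandardAcl("TEST2")
    other.add("permit", f"host {HOST_A}")
    results["reverse: permit A only"] = other.evaluate(HOST_A, HOST_B)
    results["reverse: other host"] = other.evaluate("10.0.1.11", HOST_B)
    return results


if __name__ == "__main__":
    for step, (action, reason) in walk_through().items():
        print(f"{step:28} -> {action:6} ({reason})")
```

Under first-match semantics, step 2 is denied by the implicit deny any (no entry matches A once seq 10 is gone), step 3 is permitted by the permit any, and step 4 is denied by the seq 5 entry because it is evaluated before the permit any. Note that `evaluate` ignores the destination on purpose: a standard ACL entry like `deny host A` blocks everything A sends through the interface and direction it is applied on, not just A's traffic to B.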