ACL Questions
gravyjoe
Member Posts: 260
in CCNA & CCENT
Hey Everybody,
I have two questions concerning Access-Lists. My first question is, if you don't create any access-lists at all, are all hosts able to communicate with all hosts by default?
Also, I know how to deny telnet with an extended ACL, but not to deny a ping. Would I use port 7:echo to deny, or how would that work?
Thanks.
The biggest risk in life is not taking one.
Comments
mikej412 Member Posts: 10,086
gravyjoe wrote: My first question is, if you don't create any access-lists at all, are all hosts able to communicate with all hosts by default?
gravyjoe wrote: Also, I know how to deny telnet with an extended ACL, but not to deny a ping. Would I use port 7:echo to deny, or how would that work?
ICMP is protocol 1 (I think, in the IPv4 header).... so you can
access-list 177 deny ICMP ...... etc
but I think you can also break it down into the different ICMP types....
access-list 177 deny ICMP ....... echo-reply
and/or
access-list 177 deny ICMP ....... echo
It's Friday of a long/late night week -- Guinness, Guinness, Guinness, and eventually pizza -- so your homework is to research and confirm/deny what I just typed....
<but I fixed the obvious Guinness-induced typos>
Cisco Certifications -- Collect the Entire Set!
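An added example, not part of either post above: an IOS extended ACL that filters ping by ICMP message type, shown beside the port-7 rule the question asks about. The ACL number 177 comes from the reply; the `any any` source and destination, the interface name and the inbound direction are assumptions for illustration.

```cisco
! Constructed example. Interface name, direction and the "any any"
! source/destination are assumptions; narrow them for a real network.
!
! Does NOT stop ping: "eq echo" is TCP port 7 (the echo service).
! Ping uses ICMP, which has message types instead of port numbers.
! access-list 177 deny tcp any any eq echo
!
! Stops ping requests: match the ICMP protocol and the echo message type.
access-list 177 deny icmp any any echo
!
! Optionally also drop ping replies arriving on this interface.
access-list 177 deny icmp any any echo-reply
!
! Every ACL ends with an implicit "deny ip any any". Without an explicit
! permit, applying this list would block all other traffic as well.
access-list 177 permit ip any any
!
! An ACL filters nothing until it is applied to an interface.
interface GigabitEthernet0/0
 ip access-group 177 in
```

Running `show access-lists 177` after sending a ping through the interface shows per-line match counters, which confirms which entry the traffic actually hit.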