access-list
alimoe
Member Posts: 17
in CCNA & CCENT
Configure an IP standard access list to prevent all machines on network 172.16.10.0 from accessing your Ethernet network...
Now I'm assuming the configuration would have been:
access-list 1 deny any 172.16.10.0 0.0.0.255
access-list 1 permit any
but it's really
access-list 1 deny 172.16.10.0 0.0.0.255
access-list 1 permit any
Now my question is, if we're trying to prevent all machines on the network from accessing the network, why wouldn't the any statement be used? When should the any statement be used? Thanks
Comments
-
Webmaster Admin Posts: 10,292 Admin
Actually it is:
Router(config)#access-list 1 deny 172.16.10.0 0.0.0.255
Router(config)#access-list 1 permit any
and, for example on the router's Ethernet interface:
Router(config-if)#ip access-group 1 out
> Now my question is if we're trying to prevent all machines on the network from accessing the network why wouldn't the any statement be used??
...not all machines, just those from the 172.16.10.0 255.255.255.0 network.
> When should the any statement be used....
-
Todd1225 Member Posts: 54
Just wanna throw some stuff in to help out!
Remember, standard access lists can only filter based on source address, and an extended list must be used if you are filtering based on source and destination addresses.
If you are filtering based on a particular port, for instance to block ftp traffic you must use an extended list. You must also consider if this port is a udp or tcp port so it can be included in the list.
Although I didn't see it specifically stated in the Cisco Press Study Guide, the Cisco Academy Books state that you should place an extended list near the source and a standard near the destination. I personally would assume it depends on what traffic, etc. you are trying to block, but that's Cisco's theory!
Todd Baugh
Aspiring Network Tech
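
Added example (not part of any post in this thread, and not Cisco code): a small Python model of how a standard access list is matched, showing that each entry carries a single source field compared through the wildcard mask, that the first match wins, and that an implicit deny ends the list. The function names are hypothetical, the parser is a simplification that ignores options such as logging, and the source addresses tested are constructed.

```python
import ipaddress

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def parse_standard_acl(lines):
    """Turn 'access-list N permit|deny SOURCE' lines into (action, addr, wildcard)."""
    entries = []
    for line in lines:
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
            raise ValueError(f"not an access-list entry: {line!r}")
        action, src = tok[2], tok[3:]
        if src == ["any"]:                        # any source address
            addr, wild = 0, 0xFFFFFFFF
        elif len(src) == 2 and src[0] == "host":  # one exact address
            addr, wild = _ip(src[1]), 0
        elif len(src) == 1:                       # bare address = exact match
            addr, wild = _ip(src[0]), 0
        elif len(src) == 2:                       # address + wildcard mask
            addr, wild = _ip(src[0]), _ip(src[1])
        else:                                     # a second address field has no place here
            raise ValueError(f"standard ACL takes a single source: {line!r}")
        entries.append((action, addr, wild))
    return entries

def evaluate(entries, source):
    """First matching entry wins; no match falls through to the implicit deny."""
    src = _ip(source)
    for action, addr, wild in entries:
        care = ~wild & 0xFFFFFFFF                 # wildcard 0-bits are the bits that must match
        if (src & care) == (addr & care):
            return action
    return "deny"

# The list given in the thread's answer.
THREAD_ACL = [
    "access-list 1 deny 172.16.10.0 0.0.0.255",
    "access-list 1 permit any",
]
# The list the original poster first assumed.
ASSUMED_ACL = ["access-list 1 deny any 172.16.10.0 0.0.0.255", "access-list 1 permit any"]

if __name__ == "__main__":
    acl = parse_standard_acl(THREAD_ACL)
    for source in ("172.16.10.25", "172.16.11.25", "10.1.1.1"):  # constructed sample sources
        print(source, evaluate(acl, source))
```

Parsing ASSUMED_ACL raises ValueError in this model, because "any" already fills the one source field a standard entry has.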