liven wrote: Man I feel really retarded right now, but I just can't get my extended access lists to work... Router A and B are connected THROUGH a switch. They are on the same VLAN and can ping each other no problem. So I am trying to block router A from pinging router B. So I do this:

access-list 111 deny icmp host ROUTER_A host ROUTER_B
access-list 111 permit ip any any
int eth 0/0
ip access-group 111 out

Layout of devices: router_a <-> switch <-> router_b

So after I apply the above access list I can still ping the other router.... What am I doing wrong? I am going nuts here.
networker050184 wrote: What IP address are you using to ping from?
tech-airman wrote: liven, Your first access-list statement is too short. Type it out again, except add a '?' at the end. I hope this helps.
Chris Knight wrote: Liven, since you're creating an extended, you are correct: place it as close to the source as possible. Outbound is correct as well. You need to specify "echo" on your access-list:

access-list 111 deny icmp host ROUTER_A host ROUTER_B echo
access-list 111 permit ip any any
int eth 0/0
ip access-group 111 out
dtlokee wrote: When you deny ICMP without a particular ICMP type at the end it will deny all ICMP packets including echo. Although this would be more specific than all of ICMP, his ACL will work without it.
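Added example, not part of any post above: a minimal Python model of first-match evaluation for ACL 111, showing the point dtlokee makes (with no ICMP type the deny entry matches every ICMP message, with echo it matches only type 8). It also models standard Cisco IOS behaviour that the thread does not mention: an outbound interface ACL is not applied to packets the router itself generates. The 192.0.2.x addresses, the function names and the local flag are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Optional

ICMP_TYPES = {"echo": 8, "echo-reply": 0}  # IOS keyword -> ICMP type number

@dataclass
class Packet:
    proto: str                        # "icmp", "tcp" or "udp"
    src: str
    dst: str
    icmp_type: Optional[int] = None
    local: bool = False               # True if the filtering router generated it

def parse_ace(line):
    """Parse 'access-list N permit|deny PROTO SRC DST [icmp-type]' (host/any only)."""
    action, proto, *rest = line.split()[2:]   # drop 'access-list N'
    addrs = []
    while len(addrs) < 2:
        if rest[0] == "any":
            addrs.append(None)
            rest = rest[1:]
        elif rest[0] == "host":
            addrs.append(ip_address(rest[1]))
            rest = rest[2:]
        else:
            raise ValueError(f"unsupported address form in: {line}")
    icmp_type = ICMP_TYPES[rest[0]] if rest else None
    return action, proto, addrs[0], addrs[1], icmp_type

def evaluate(acl_lines, pkt, direction="out"):
    """Return 'permit', 'deny', or 'unfiltered' for one packet on one interface."""
    if direction == "out" and pkt.local:
        return "unfiltered"           # router-originated traffic skips outbound ACLs
    for line in acl_lines:
        action, proto, src, dst, icmp_type = parse_ace(line)
        if proto not in ("ip", pkt.proto):
            continue
        if src is not None and src != ip_address(pkt.src):
            continue
        if dst is not None and dst != ip_address(pkt.dst):
            continue
        if icmp_type is not None and icmp_type != pkt.icmp_type:
            continue
        return action                 # first matching entry wins
    return "deny"                     # implicit deny at the end of every ACL

# Constructed stand-ins for ROUTER_A and ROUTER_B
A, B = "192.0.2.1", "192.0.2.2"
PERMIT_REST = "access-list 111 permit ip any any"
ACL_ALL_ICMP = [f"access-list 111 deny icmp host {A} host {B}", PERMIT_REST]
ACL_ECHO_ONLY = [f"access-list 111 deny icmp host {A} host {B} echo", PERMIT_REST]
```

In this model the same echo request that passes unfiltered outbound on router A is denied when the ACL is evaluated inbound on router B's interface.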