access-list !

nanga Member Posts: 201
here is the scene

[ROUTER]
e0/0 12.2.1.1 ( on the LHS)
e0/1 12.1.1.2 ( on the RHS)


the access list is applied inbound to e0/1


# access-list 150 deny ip 12.1.1.0 0.0.0.255 any log
Now suppose a user on the 12.1.1.0 sends out a request; won't it be blocked by the e0/1 when it comes back with the request?

Comments

  • blackninja Member Posts: 385
    nanga wrote: »
    here is the scene

    [ROUTER]
    e0/0 12.2.1.1 ( on the LHS)
    e0/1 12.1.1.2 ( on the RHS)


    the access list is applied inbound to e0/1


    # access-list 150 deny ip 12.1.1.0 0.0.0.255 any log
    Now suppose a user on the 12.1.1.0 sends out a request; won't it be blocked by the e0/1 when it comes back with the request?


    The packet will be dropped by the inbound ACL before it reaches its dest
    Currently studying:
    CCIE R&S - using INE workbooks & videos

    Currently reading:
    Everything. Twice ;)
  • gig Member Posts: 25
    If I'm not mistaken, with that access list applied, no packets will pass through the interface it was applied to without a "permit any" line in the access list.
  • blackninja Member Posts: 385
    gig wrote: »
    If I'm not mistaken, with that access list applied, no packets will pass through the interface it was applied to without a "permit any" line in the access list.

    You are so right - you can have my CCNA, as I clearly need to re-earn it... lol
  • gig Member Posts: 25
    Haha. It just so happens I'm currently studying for my CCNA, and one of the few things that stuck with me was when making a deny ACL, always make a permit line.
  • LT72884 Member Posts: 31
    gig wrote: »
    If I'm not mistaken, with that access list applied, no packets will pass through the interface it was applied to without a "permit any" line in the access list.

    Yeah, by default there is an implicit deny all with any ACL, so you have to make sure to put permit any at the end or no traffic will pass.
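
An added example, not written by any poster in this thread: a small Python model of first-match ACL evaluation with IOS wildcard masks, run on ACL 150 from the question and on the same list with a trailing `permit ip any any`. The parser covers only `ip` entries, and the helper names and sample packet addresses are constructed for illustration.

```python
import ipaddress

def _take_addr(tokens):
    """Consume one IOS address spec: 'any', 'host A', or 'A WILDCARD'."""
    if tokens[0] == "any":
        return (0, 0xFFFFFFFF), tokens[1:]
    if tokens[0] == "host":
        return (int(ipaddress.IPv4Address(tokens[1])), 0), tokens[2:]
    base = int(ipaddress.IPv4Address(tokens[0]))
    wild = int(ipaddress.IPv4Address(tokens[1]))
    return (base, wild), tokens[2:]

def parse_ace(line):
    """Parse 'access-list N permit|deny ip SRC DST [log]' (ip entries only)."""
    tokens = line.split()
    if len(tokens) < 6 or tokens[0] != "access-list" or tokens[3] != "ip":
        raise ValueError("unsupported entry: " + line)
    src, rest = _take_addr(tokens[4:])
    dst, _ = _take_addr(rest)
    return tokens[2], src, dst

def _matches(addr, spec):
    base, wild = spec
    # Wildcard bits set to 1 are "don't care"; all other bits must match.
    care = ~wild & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (base & care)

def evaluate(acl_lines, src, dst):
    """First match wins; falling off the end is the implicit deny."""
    for n, line in enumerate(acl_lines, 1):
        action, s, d = parse_ace(line)
        if _matches(src, s) and _matches(dst, d):
            return action, "line %d" % n
    return "deny", "implicit deny"

# ACL from the question, then the same ACL with the permit line the replies call for.
ACL_ORIGINAL = ["access-list 150 deny ip 12.1.1.0 0.0.0.255 any log"]
ACL_WITH_PERMIT = ACL_ORIGINAL + ["access-list 150 permit ip any any"]

if __name__ == "__main__":
    # Constructed sample packets arriving inbound on e0/1.
    for src, dst in [("12.1.1.50", "12.2.1.10"), ("10.9.9.9", "12.2.1.10")]:
        print(src, "->", dst,
              evaluate(ACL_ORIGINAL, src, dst),
              evaluate(ACL_WITH_PERMIT, src, dst))
```

With the original list both packets are dropped, the first by the explicit deny and the second by the implicit deny; with the added permit line only the 12.1.1.0/24 source is still dropped.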