access-list !

nanga · April 2009

here is the scene

[ROUTER]

e0/0 12.2.1.1 ( on the LHS)
e0/1 12.1.1.2 ( on the RHS)

the access list is applied inbound to e0/1

# access-list 150 deny ip 12.1.1.0 0.0.0.255 any log
now suppose a user on the 12.1.1.0 sends out a request wnt it be blocked by the e0/1 when it comes back with the request

blackninja · April 2009

nanga wrote: »

here is the scene
[ROUTER]
e0/0 12.2.1.1 ( on the LHS)
e0/1 12.1.1.2 ( on the RHS)

the access list is applied inbound to e0/1

# access-list 150 deny ip 12.1.1.0 0.0.0.255 any log
now suppose a user on the 12.1.1.0 sends out a request wnt it be blocked by the e0/1 when it comes back with the request

The packet will be dropped by the inbound ACL before it reaches it's dest

gig · April 2009

If I'm not mistaken. With that access list applied, no packets will pass thru the interface it was applied to without a "permit any" line in the access list.

blackninja · April 2009

gig wrote: »

If I'm not mistaken. With that access list applied, no packets will pass thru the interface it was applied to without a "permit any" line in the access list.

You are so right - you can have my ccna, as clearly need to re-earn it.....lol

gig · April 2009

Haha. I just so happens I'm currently studying for my CCNA and one of the few things that stuck with me was when making a deny ACL, always make a permit line.

LT72884 · April 2009

gig wrote: »

If I'm not mistaken. With that access list applied, no packets will pass thru the interface it was applied to without a "permit any" line in the access list.

yeah by default ther is an empliciate deny all with any acl so you have to make sure to put permit any at the end or no traffic will pass

access-list !

Comments