Problem With Standard ACL
suppsh
Member Posts: 1
in CCNA & CCENT
Hi
This is my first post on this great forum, so bear with me for any mistakes.
I have a problem with a standard ACL. I am using Packet Tracer to practice it but got stuck, and I hope the experienced members of this forum can clear up my confusion.
I have made a topology like this:
Router A
Interface Serial 2/0
IP address 1.1.1.1
Clock rate 46000
Interface FastEthernet 0/0
IP address 200.100.50.100
Telnet password set
Enable password set
Configuration on Router B
Interface Serial 2/0
IP address 1.1.1.2
Interface FastEthernet 0/0
IP address 200.100.100.100
Telnet and enable passwords are set.
Using the above configuration, if I ping from A to B or B to A, it works.
After that I tried to stop traffic coming from A to B using a standard ACL.
I created a standard ACL on Router B:
access-list 10 deny 1.1.1.1 0.0.0.0
access-list 10 permit any
And applied it on the Serial 2/0 interface on Router B:
ip access-group 10 in
After applying this ACL, I now can't ping A from B, which I think is wrong, because the ACL is there to stop traffic from A, but it is also not letting any traffic go out from B.
So can anyone advise me on this issue, whether there is a mistake in the configuration or the concept of ACLs is not clear to me?
Thanks in advance for any help.
Regards.
Comments
-
Forsaken_GA Member Posts: 4,024
Alright, I'll see if I can explain this -
When you send a ping, it sends an ICMP packet known as Echo Request.
When the targeted host receives that, they send back an ICMP packet known as Echo Reply (or Echo Response).
So Router B sends an Echo Request to Router A, Router A receives it and sends back an Echo Reply. But you have an ACL on Router B dropping all traffic from Router A. So your ping fails.
So the standard ACL is doing its job.
If you want to fine tune it and allow certain types of traffic but deny others, you'll have to use an extended access list.
-
jodan20xx Member Posts: 2
When applying a basic ACL, it is good practice to apply it closest to the destination (i.e. the FAX/X interface out). Mainly because you are more than likely going to have more than one FastEthernet interface configured.
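The behaviour Forsaken_GA describes, as an added example that is not part of the original thread: a small Python model of first-match, source-only standard ACL evaluation using the thread's addresses, showing that the inbound list on Router B drops Router A's Echo Reply. The function names and the extended-style filter `b_extended_inbound` are hypothetical illustrations, not IOS behaviour copied from a device.

```python
import ipaddress

def wild_match(addr, base, wildcard):
    """Cisco wildcard match: bits set to 1 in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

# Router B's list from the thread. A standard ACL tests the SOURCE address only.
ACL_10 = [
    ("deny", "1.1.1.1", "0.0.0.0"),
    ("permit", "0.0.0.0", "255.255.255.255"),  # "permit any"
]
ROUTER_A, ROUTER_B = "1.1.1.1", "1.1.1.2"

def standard_acl(acl, packet):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, base, wildcard in acl:
        if wild_match(packet["src"], base, wildcard):
            return action
    return "deny"

def b_serial_inbound(packet):
    """Inbound on Router B Serial 2/0: only packets ARRIVING at B are checked."""
    return standard_acl(ACL_10, packet) == "permit"

def b_extended_inbound(packet):
    """Hypothetical extended-style rule: accept A's echo replies, drop the rest from A."""
    if packet["src"] == ROUTER_A:
        return packet["icmp"] == "echo-reply"
    return True

def ping(src, dst, inbound_filters):
    """Simulate request and reply; inbound_filters maps a router IP to its filter."""
    allow_all = lambda pkt: True
    request = {"src": src, "dst": dst, "icmp": "echo-request"}
    if not inbound_filters.get(dst, allow_all)(request):
        return "request dropped"
    reply = {"src": dst, "dst": src, "icmp": "echo-reply"}
    if not inbound_filters.get(src, allow_all)(reply):
        return "reply dropped"
    return "success"

if __name__ == "__main__":
    standard = {ROUTER_B: b_serial_inbound}  # Router A has no ACL
    print("A -> B:", ping(ROUTER_A, ROUTER_B, standard))
    print("B -> A:", ping(ROUTER_B, ROUTER_A, standard))
    print("B -> A, extended:", ping(ROUTER_B, ROUTER_A, {ROUTER_B: b_extended_inbound}))
```

The ping from B fails at the reply stage, not the request stage: the inbound list never sees B's outgoing Echo Request, only A's returning Echo Reply.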