Acl

rivanfrankrivanfrank Posts: 9Member ■□□□□□□□□□
Hi,

In this statement:

access-list 100 deny ip host 192.168.1.1 host 172.16.1.1

host 192.168.1.1 will not be able to access 172.16.1.1 including ping, and all the port number like ftp, telnet, http right?

Comments

  • BundimanBundiman Posts: 201Member
    So here is the nice catch twenty two. Once you add this acl to a interface all traffic would be blocked. An implicit deny all is always added to the end of a acl so unless you add another line to allow everthing else after the acl yes it would stop not only traffic from one host to the other but also all traffic on that interface in or out depending on how its applied.
    ​Bachelor of Science, IT - Security Emphasis (Start Date: Apr 1st, 2013)
    ​Bachelor of Science, IT - Security Emphasis (Completed: Apr 25t, 2014)
  • WiseWunWiseWun Posts: 285Member
    To answer your question, yes that is correct. And as Bundiman put it, you need to add a "permit any any" statement for all other traffic.
    "If you’re not prepared to be wrong, you’ll never come up with anything original.” - Ken Robinson
  • Ltat42aLtat42a Posts: 585Member ■■■□□□□□□□
    I was taught....unless you "permit" something, everything will be denied because of the implicit deny statement.
  • CheesyBreadCheesyBread Posts: 99Member ■■□□□□□□□□
    All ACL's need at least one permit statement of some kind or they will block everything. In the initial question, if you put that ACL traffic won't pass.
Sign In or Register to comment.