https://community.cisco.com/t5/network-access-control/standard-ip-access-list-behaviour/m-p/3784018#M542702 <P>These 2 are conside 2 access list, you need to apply them in the respected interface to take affective.</P> <P>both work in different way, the way you apply in the direction.</P> <P>If i understand correctly you looking to permit certain IP and rest deny then below should work for you.</P> <P>&nbsp;</P> <P>remove ACL 10</P> <P>&nbsp;</P> <P><SPAN>Standard IP access list 25</SPAN><BR /><SPAN>10 permit 172.17.204.98</SPAN><BR /><SPAN>20 permit 172.17.1.205</SPAN><BR /><SPAN>30 permit 172.19.126.236</SPAN><BR /><SPAN>40 permit 172.18.1.89</SPAN></P> <P><SPAN>50 deny any any</SPAN></P> <P>&nbsp;</P> <P><SPAN>Apply the ACL to respected interface.</SPAN></P> <P>&nbsp;</P> <P>look some reference guide :</P> <P>&nbsp;</P> <P><A href="https://www.cisco.com/c/en/us/support/docs/security/ios-firewall/23602-confaccesslists.html" target="_blank">https://www.cisco.com/c/en/us/support/docs/security/ios-firewall/23602-confaccesslists.html</A></P> <P>&nbsp;</P> Mon, 21 Jan 2019 08:22:03 GMT balaji.bandi 2019-01-21T08:22:03Z https://community.cisco.com/t5/network-access-control/standard-ip-access-list-behaviour/m-p/3783968#M542699 <P>Hello Guys,</P> <P>&nbsp;</P> <P>I have query for&nbsp;ACL configured on my Cisco Router</P> <P>For Example:-</P> <P>&nbsp;</P> <P>Standard IP access list 10<BR /> 10 deny any<BR />Standard IP access list 25<BR /> 10 permit 172.17.204.98<BR /> 20 permit 172.17.1.205<BR /> 30 permit 172.19.126.236<BR /> 40 permit 172.18.1.89</P> <P>&nbsp;</P> <P>So how this will work. Does all the traffic will deny?</P> <P>When the deny for access list 10 will work and when the standard access list 25 will work</P> <P>What is the use of sequence number in IP access-list.</P> <P>Any help will be appreciated.</P> Mon, 11 Mar 2019 08:54:06 GMT https://community.cisco.com/t5/network-access-control/standard-ip-access-list-behaviour/m-p/3783968#M542699 bp.noc 2019-03-11T08:54:06Z https://community.cisco.com/t5/network-access-control/standard-ip-access-list-behaviour/m-p/3783995#M542700 The access-lists are assigned to interfaces. Once the interface is selected<BR />based on routing of outgoing traffic or the interface that received<BR />traffic, the assigned ACL will be selected and applied.<BR /> Mon, 21 Jan 2019 07:47:26 GMT https://community.cisco.com/t5/network-access-control/standard-ip-access-list-behaviour/m-p/3783995#M542700 Mohammed al Baqari 2019-01-21T07:47:26Z https://community.cisco.com/t5/network-access-control/standard-ip-access-list-behaviour/m-p/3784018#M542702 <P>These 2 are conside 2 access list, you need to apply them in the respected interface to take affective.</P> <P>both work in different way, the way you apply in the direction.</P> <P>If i understand correctly you looking to permit certain IP and rest deny then below should work for you.</P> <P>&nbsp;</P> <P>remove ACL 10</P> <P>&nbsp;</P> <P><SPAN>Standard IP access list 25</SPAN><BR /><SPAN>10 permit 172.17.204.98</SPAN><BR /><SPAN>20 permit 172.17.1.205</SPAN><BR /><SPAN>30 permit 172.19.126.236</SPAN><BR /><SPAN>40 permit 172.18.1.89</SPAN></P> <P><SPAN>50 deny any any</SPAN></P> <P>&nbsp;</P> <P><SPAN>Apply the ACL to respected interface.</SPAN></P> <P>&nbsp;</P> <P>look some reference guide :</P> <P>&nbsp;</P> <P><A href="https://www.cisco.com/c/en/us/support/docs/security/ios-firewall/23602-confaccesslists.html" target="_blank">https://www.cisco.com/c/en/us/support/docs/security/ios-firewall/23602-confaccesslists.html</A></P> <P>&nbsp;</P> Mon, 21 Jan 2019 08:22:03 GMT https://community.cisco.com/t5/network-access-control/standard-ip-access-list-behaviour/m-p/3784018#M542702 balaji.bandi 2019-01-21T08:22:03Z https://community.cisco.com/t5/network-access-control/standard-ip-access-list-behaviour/m-p/3784071#M542703 <P>Thank you very much for your response.</P> <P>&nbsp;</P> <P>So you meant to say, if I will have below access-list on the top of ACL, then it will deny all traffic?</P> <P>For Example :-</P> <P>Standard IP access list 10<BR /> 10 deny any</P> <P>Standard IP access list Vty_Access<BR /> 10 permit 172.18.120.10</P> <P>************</P> <P>Also I am having issue to reach syslog server, is it because of the ACL on router, I am not able to access the syslog server.</P> <P>There is Cisco ASA firewall between Syslog server and Router. From Firewall I can able to get syslog.</P> <P>I am facing issue with router but When I am doing packet tracer from ASA it saw no drop till syslog server.</P> <P>Any help in this as well really appreciated.&nbsp;</P> Mon, 21 Jan 2019 09:27:37 GMT https://community.cisco.com/t5/network-access-control/standard-ip-access-list-behaviour/m-p/3784071#M542703 bp.noc 2019-01-21T09:27:37Z https://community.cisco.com/t5/network-access-control/standard-ip-access-list-behaviour/m-p/3784397#M542705 <P>yes when you apply below ACL everything will be denied.</P> <P>&nbsp;</P> <P>Standard IP access list 10</P> <P>&nbsp;</P> <P>Fix the ACL and test syslog, or remove the ACL and test and start adding one by one building the ACL by tsting, until you get hands on and understand how the ACL working.</P> <P>&nbsp;</P> Mon, 21 Jan 2019 17:05:18 GMT https://community.cisco.com/t5/network-access-control/standard-ip-access-list-behaviour/m-p/3784397#M542705 balaji.bandi 2019-01-21T17:05:18Z