Date: 06-05-2024 06:24 PM
Hello @cnsa
You can achieve this by being selective about what you deny, ensuring that OSPF traffic is still allowed through by not explicitly denying it.
ip access-list extended OUTSIDE-IN
 ! Deny HTTP traffic
 deny tcp any any eq 80
 ! Deny HTTPS traffic
 deny tcp any any eq 443
 ! Deny Telnet traffic
 deny tcp any any eq 23
 ! Deny SSH traffic
 deny tcp any any eq 22
 ! Deny RDP traffic
 deny tcp any any eq 3389
 ! Do not explicitly deny OSPF traffic (protocol 89)
 ! implicit deny all other traffic
--
In this configuration:
06-05-2024 06:50 PM - Edited 06-05-2024 06:51 PM
The answer to your Q is your other Q.
Without permit ip any any the traffic will drop, because the ACL has an implicit deny any any at the end.
So you need to use permit in the ACL or use CoPP, which, as in your previous Q, does not work in Packet Tracer.
MHM
Date: 06-05-2024 10:39 PM
This lab is for you @cnsa
The ACL ends with a hidden deny any any,
so what you want to achieve can't be done without using permit OR using CoPP.
In the lab I apply an ACL that denies only ICMP, but since we don't use permit, OSPF is also denied by the hidden ACL.
MHM
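Added example (not part of any post in this thread): a small first-match ACL evaluator that compares a deny-only list with the same list plus an explicit OSPF permit, and with the ICMP-only deny from the lab. It is a simplified model that matches only on protocol and destination port (addresses are treated as any any, the port denies are modelled as TCP matches), and the rule and packet structures are constructed for illustration.

```python
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str                  # "permit" or "deny"
    proto: str                   # "ip" matches every protocol; else tcp/udp/icmp/ospf
    dport: Optional[int] = None  # destination port, only meaningful for tcp/udp

class Packet(NamedTuple):
    proto: str
    dport: Optional[int] = None

def evaluate(acl, pkt):
    """Check rules top-down; the first match decides. No match -> implicit deny."""
    for rule in acl:
        if rule.proto not in ("ip", pkt.proto):
            continue
        if rule.dport is not None and rule.dport != pkt.dport:
            continue
        label = f"{rule.action} {rule.proto}"
        if rule.dport is not None:
            label += f" eq {rule.dport}"
        return rule.action, label
    # Every ACL ends with an unwritten "deny ip any any".
    return "deny", "implicit deny any any"

# Deny-only list modelled on the first reply.
DENY_ONLY = [Rule("deny", "tcp", p) for p in (80, 443, 23, 22, 3389)]
# Same list with an explicit permit for OSPF (IP protocol 89) appended.
WITH_OSPF_PERMIT = DENY_ONLY + [Rule("permit", "ospf")]
# The lab case: only ICMP is denied, nothing is permitted.
ICMP_ONLY = [Rule("deny", "icmp")]

# Constructed sample packets: OSPF hello, HTTPS, ping, DNS query.
SAMPLES = [Packet("ospf"), Packet("tcp", 443), Packet("icmp"), Packet("udp", 53)]

def report(acl):
    """Map each sample packet to (action, rule that decided)."""
    return {p: evaluate(acl, p) for p in SAMPLES}

if __name__ == "__main__":
    for name, acl in (("deny-only", DENY_ONLY),
                      ("deny + permit ospf", WITH_OSPF_PERMIT),
                      ("icmp-only deny", ICMP_ONLY)):
        print(name)
        for pkt, (action, why) in report(acl).items():
            print(f"  {pkt.proto:5} {pkt.dport or '':5} -> {action:6} ({why})")
```

With only `permit ospf` added, everything else that is not matched (the DNS query here) still falls through to the implicit deny.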
Date: 06-05-2024 10:16 PM
That sure does not work,
but anyway he is OK with this solution.
MHM
Date: 06-05-2024 10:41 PM
Thank you very much for your response.