Re: Difference between ACL

silviu1983 · ‎09-12-2019

Hy,

I have noticed some difference in creating ACL

i mean i have the following lab

in the upper middle router when i create

access-list 2 deny 10.90.0.0 0.0.255.255 - nothing happens , which is as expected

but, when i type

access-list 1 deny 10.90.0.0 0.0.255.255 - it gets applied imediatelly no matter what i do and i cannot ping from any hosts to any host

so my question is. why acces-list 1 gets applied imediatelly without assign it on a interface with the

ip access-group - command?

Seb Rupik · ‎09-12-2019

Hi there,

There is nothing special about access-list number 1.

Can you share the full config of the router with us?

cheers,

Seb.

silviu1983 · ‎09-13-2019

Building configuration...

Current configuration : 919 bytes

!

version 12.4

no service timestamps log datetime msec

no service timestamps debug datetime msec

no service password-encryption

!

hostname Router

!

no ip cef

no ipv6 cef

!

spanning-tree mode pvst

!

interface FastEthernet0/0

ip address 192.168.0.1 255.255.255.0

duplex auto

speed auto

!

interface FastEthernet0/1

ip address 10.90.0.1 255.255.0.0

duplex auto

speed auto

!

interface Serial0/1/0

ip address 192.168.10.1 255.255.255.0

ip access-group 110 out

clock rate 4000000

!

interface Serial0/1/1

no ip address

clock rate 4000000

shutdown

!

interface Vlan1

no ip address

shutdown

!

ip classless

ip route 192.168.20.0 255.255.255.0 192.168.10.2

!

ip flow-export version 9

!

access-list 110 deny ip host 192.168.0.2 host 192.168.20.9

access-list 110 permit ip any any

!

line con 0

logging synchronous

!

line aux 0

!

line vty 0 4

login

!

end