
Standard ACLs doubt

 

Hello!
I have a doubt about Standard ACLs. My topology has two routers and two switches, each of them with two hosts.
R1
Dynamic routing protocol EIGRP
F 0/0 10.0.0.1/24 -> SW -> two hosts (10.0.0.2/24, 10.0.0.3/24)

R2
Dynamic routing protocol EIGRP
F 0/0 30.0.0.1/24 -> SW -> two hosts (30.0.0.2/24, 30.0.0.3/24)

In my lab, I was asked to make a Standard ACL that will prevent access to 30.0.0.0/24 from 10.0.0.0/24, except host 10.0.0.2/24.
My Standard access list is:
access-list 1 permit 10.0.0.2 0.0.0.0
access-list 1 deny 10.0.0.0 0.0.0.255
access-list 1 permit any

Applied in R2 F 0/0:
ip access-group 1 out

So far there is no problem. My doubt is: why can I ping 30.0.0.1/24 from another host that belongs to 10.0.0.0/24 other than 10.0.0.2/24?

For instance:
(host 10.0.0.3/24) ping 30.0.0.1 Successful
(host 10.0.0.3/24) ping 30.0.0.2 Unsuccessful

Is it successful because 30.0.0.1 belongs to 30.0.0.0/24 but it's before the exit of the router?

Note: Sorry for my English, I hope you can understand me!
Renny

1 REPLY

access-list 1 permit 10.0.0.2 0.0.0.0 - because you have the ACL allowing the host, not the network, here.

In the other rule you have blocked the /24 network, so the host entry will be allowed as part of the ACL.

 



BB


*** Rate All Helpful Responses ***
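
Added example, not part of the thread or of either poster's text: a small Python model of how ACL 1 from the question is evaluated on R2 (first match wins, wildcard bits ignored). It assumes an outbound ACL is consulted only for packets the router transmits out of F0/0 and that every destination other than the router's own 30.0.0.1 sits behind F0/0; the function names and the R2_F0_0_ADDRESS constant are hypothetical.

```python
import ipaddress

# ACL 1 exactly as posted: (action, address, wildcard mask); first match wins.
ACL_1 = [
    ("permit", "10.0.0.2", "0.0.0.0"),
    ("deny", "10.0.0.0", "0.0.0.255"),
    ("permit", "0.0.0.0", "255.255.255.255"),  # "permit any"
]

# Assumption from the post: R2 owns 30.0.0.1 on F0/0, where ACL 1 is applied "out".
R2_F0_0_ADDRESS = "30.0.0.1"


def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def acl_action(acl, source):
    """Return the action of the first entry matching the source address.

    A wildcard bit of 1 means "ignore this bit"; a standard ACL only ever
    looks at the source. No match falls through to the implicit deny.
    """
    src = _to_int(source)
    for action, address, wildcard in acl:
        care = ~_to_int(wildcard) & 0xFFFFFFFF
        if src & care == _to_int(address) & care:
            return action
    return "deny"


def r2_handles(source, destination):
    """Model what R2 does with a packet arriving from the 10.0.0.0/24 side."""
    if destination == R2_F0_0_ADDRESS:
        # Addressed to the router itself: it is never transmitted out of
        # F0/0, so the outbound ACL is not consulted at all.
        return "delivered to R2 (ACL not evaluated)"
    if acl_action(ACL_1, source) == "permit":
        return "forwarded out F0/0"
    return "dropped by ACL 1"


if __name__ == "__main__":
    for src, dst in [("10.0.0.3", "30.0.0.1"), ("10.0.0.3", "30.0.0.2"),
                     ("10.0.0.2", "30.0.0.2")]:
        print(f"{src} -> {dst}: {r2_handles(src, dst)}")
```

The three sample flows reproduce the lab results in the question: 10.0.0.3 reaches 30.0.0.1, is dropped toward 30.0.0.2, and 10.0.0.2 is forwarded.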
