Standard ACLs doubt

RennyGalindez
Level 1

Hello!
I have a doubt about Standard ACLs. My topology has two routers and two switches, each of them with two hosts.
R1
Dynamic routing protocol EIGRP
F 0/0 10.0.0.1/24 -> SW -> two hosts (10.0.0.2/24, 10.0.0.3/24)

R2
Dynamic routing protocol EIGRP
F 0/0 30.0.0.1/24 -> SW -> two hosts (30.0.0.2/24, 30.0.0.3/24)

In my lab, I was asked to make a Standard ACL that will prevent access to 30.0.0.0/24 from 10.0.0.0/24, except host 10.0.0.2/24.
My Standard access list is:
access-list 1 permit 10.0.0.2 0.0.0.0
access-list 1 deny 10.0.0.0 0.0.0.255
access-list 1 permit any

Applied in R2 F 0/0:
ip access-group 1 out

So far there is no problem. My doubt is: why can I ping 30.0.0.1/24 from other hosts that belong to 10.0.0.0/24, different from 10.0.0.2/24?

For instance:
(host 10.0.0.3/24) ping 30.0.0.1 Successful
(host 10.0.0.3/24) ping 30.0.0.2 Unsuccessful

Is it successful because 30.0.0.1 belongs to 30.0.0.0/24 but it's before the exit of the router?

Note: Sorry for my English, I hope you can understand me!
Renny

1 Reply

balaji.bandi
Hall of Fame

access-list 1 permit 10.0.0.2 0.0.0.0   - because you have the ACL allowed for the host, not the network, here.

In the other rule you have blocked the /24 network, so the host entry will be allowed as part of the ACL.

BB
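
Added example, not part of the original thread or of either poster's text: a simplified Python model of how R2 treats the pings from the question, assuming an outbound ACL is evaluated only for packets the router forwards out of F0/0 and not for packets addressed to the router's own 30.0.0.1. The function names and the 20.0.0.5 source address are constructed for illustration.

```python
import ipaddress

# ACL 1 from the post: (action, address, wildcard mask); "any" is 0.0.0.0 255.255.255.255
ACL_1 = [
    ("permit", "10.0.0.2", "0.0.0.0"),
    ("deny", "10.0.0.0", "0.0.0.255"),
    ("permit", "0.0.0.0", "255.255.255.255"),
]
# Assumption: only R2's F0/0 address is given in the post; the R1-R2 link is not modelled.
R2_LOCAL_ADDRESSES = {"30.0.0.1"}


def wildcard_match(src, base, wildcard):
    """Wildcard bits set to 1 are 'don't care'; all other bits must equal the base."""
    s, b, w = (int(ipaddress.IPv4Address(x)) for x in (src, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (s & care) == (b & care)


def standard_acl(src, acl=ACL_1):
    """First matching entry wins; a standard ACL looks at the source address only."""
    for action, base, wildcard in acl:
        if wildcard_match(src, base, wildcard):
            return action
    return "deny"  # implicit deny at the end of every ACL


def r2_handles(src, dst):
    """Simplified model of R2 with 'ip access-group 1 out' on F0/0."""
    if dst in R2_LOCAL_ADDRESSES:
        # Packet is addressed to the router itself: it is never forwarded
        # out of F0/0, so the outbound ACL is not evaluated.
        return "delivered to R2 (ACL not evaluated)"
    if ipaddress.IPv4Address(dst) in ipaddress.ip_network("30.0.0.0/24"):
        verdict = standard_acl(src)
        return "forwarded out F0/0" if verdict == "permit" else "dropped by ACL 1 out"
    return "not routed via F0/0"


if __name__ == "__main__":
    # Constructed test flows; the first two are the pings from the question.
    for src, dst in [("10.0.0.3", "30.0.0.1"), ("10.0.0.3", "30.0.0.2"),
                     ("10.0.0.2", "30.0.0.2"), ("20.0.0.5", "30.0.0.3")]:
        print(f"{src} -> {dst}: {r2_handles(src, dst)}")
```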
