01-20-2019 11:15 PM - edited 03-11-2019 01:54 AM
Hello Guys,
I have a query about the ACL configured on my Cisco router.
For example:
Standard IP access list 10
10 deny any
Standard IP access list 25
10 permit 172.17.204.98
20 permit 172.17.1.205
30 permit 172.19.126.236
40 permit 172.18.1.89
So how will this work? Will all the traffic be denied?
When will the deny for access list 10 work, and when will standard access list 25 work?
What is the use of the sequence number in an IP access list?
Any help will be appreciated.
01-20-2019 11:47 PM
01-21-2019 12:22 AM
These 2 are considered 2 access lists; you need to apply them to the respective interface for them to take effect.
Both work in a different way, according to the direction in which you apply them.
If I understand correctly, you are looking to permit certain IPs and deny the rest; then the below should work for you.
Remove ACL 10.
Standard IP access list 25
10 permit 172.17.204.98
20 permit 172.17.1.205
30 permit 172.19.126.236
40 permit 172.18.1.89
50 deny any
Apply the ACL to the respective interface.
Look at this reference guide:
https://www.cisco.com/c/en/us/support/docs/security/ios-firewall/23602-confaccesslists.html
01-21-2019 01:27 AM
Thank you very much for your response.
So you mean to say, if I have the below access list at the top of the ACL, then it will deny all traffic?
For example:
Standard IP access list 10
10 deny any
Standard IP access list Vty_Access
10 permit 172.18.120.10
************
Also, I am having an issue reaching the syslog server. Is it because of the ACL on the router that I am not able to access the syslog server?
There is a Cisco ASA firewall between the syslog server and the router. From the firewall I am able to get syslog.
I am facing the issue with the router, but when I run packet tracer from the ASA it shows no drop up to the syslog server.
Any help with this as well is really appreciated.
01-21-2019 09:05 AM
Yes, when you apply the below ACL everything will be denied.
Standard IP access list 10
Fix the ACL and test syslog, or remove the ACL and test, and start adding entries one by one, building the ACL by testing, until you get hands-on and understand how the ACL is working.
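Added illustration, not part of any post in this thread and not Cisco code: a small Python model of how a standard ACL is evaluated, using the entries quoted in the thread. It assumes the usual IOS semantics (each ACL is evaluated on its own where it is applied, entries are checked in ascending sequence order, first match wins, and an implicit deny ends every list); the function names and the sequence-5 entry are constructed for the example.

```python
import ipaddress

# Entries as (sequence, action, source, wildcard). "any" is 0.0.0.0 with
# wildcard 255.255.255.255; a single host has wildcard 0.0.0.0.
ACLS = {
    "10": [(10, "deny", "0.0.0.0", "255.255.255.255")],
    "25": [
        (10, "permit", "172.17.204.98", "0.0.0.0"),
        (20, "permit", "172.17.1.205", "0.0.0.0"),
        (30, "permit", "172.19.126.236", "0.0.0.0"),
        (40, "permit", "172.18.1.89", "0.0.0.0"),
    ],
}


def matches(src, base, wildcard):
    """True when src equals base on every bit the wildcard does not mask out."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    src_bits = int(ipaddress.IPv4Address(src)) & care
    base_bits = int(ipaddress.IPv4Address(base)) & care
    return src_bits == base_bits


def evaluate(entries, src):
    """Return (action, sequence) of the first match, lowest sequence first.

    A packet that matches no entry hits the implicit deny, reported here
    with sequence None because it never appears in the listing.
    """
    for seq, action, base, wildcard in sorted(entries):
        if matches(src, base, wildcard):
            return action, seq
    return "deny", None


if __name__ == "__main__":
    # ACL 10 only affects traffic on the interface or line it is applied to.
    print("ACL 10:", evaluate(ACLS["10"], "172.17.204.98"))
    print("ACL 25, listed host:", evaluate(ACLS["25"], "172.17.1.205"))
    print("ACL 25, unlisted host:", evaluate(ACLS["25"], "10.1.1.1"))
    # Sequence numbers set evaluation order: a constructed entry at
    # sequence 5 is checked before the existing permit at sequence 10.
    edited = ACLS["25"] + [(5, "deny", "172.17.204.98", "0.0.0.0")]
    print("ACL 25 + seq 5:", evaluate(edited, "172.17.204.98"))
```

The unlisted host is denied by ACL 25 even without an explicit deny line, and the sequence number is what lets a single entry be placed ahead of, or removed from among, the existing ones.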