Showing results for 
Search instead for 
Did you mean: 

Access-List Question

Hello Community,

Can someone please tell why this access list wont work.

I can still ping from R1, with ip address even though its in /24, however I can't ping from R4 with ip address even its in /16 subnet.

Extended IP access list 102

    10 permit ip host any

    20 permit ip host any

    30 deny ip any

    40 permit ip any

Attached are the configs and topology.

1 Reply 1

Level 3
Level 3

Hi Carlton,

The problem is because you have the same IP address assigned to two different routers. Regardless of the subnet mask applied, the IP address is the same.

So when you ping from R1 to, the ping is successful as your ACL allows the traffic. The ping will match line 20 in the ACL.

When you ping from R4, the packet must traverse R1 to reach the network The issue here is that R4 sends a packet with an IP source of, and when it reaches R1, R1 sees that it also has an IP of assigned to its loopback 1 interface. R1 knows it can not have sent that packet and promptly drops it.

Try changing the loopback 1 IP of R4 to

As a side note, you would generally apply ACLs to traffic flowing IN to an interface.



HTH Paul ****Please rate useful posts****