
ACL - denying traffic for a specific range and type

liamfm
Level 1

Please don't shoot me down, I'm completely new to this, and it's actually part of a study question.

I've set up an ACL on the incoming port of fa0/0 of a switch in Packet Tracer. It successfully allows only even IP addresses in a specific range through:

Extended IP access list 107

permit tcp 0.0.0.0 255.255.255.254 0.0.0.0 255.255.255.254 eq www (2 match(es))

permit tcp 0.0.0.0 255.255.255.254 0.0.0.0 255.255.255.254 eq 443

What I can't seem to do is allow all other traffic, which is what the question asks for. I must not be understanding this correctly, but the two lines only allow specific traffic through, and then there's an implicit deny for anything else?

How can I allow 'all other' traffic through without what was previously being denied now being allowed through? Does that even make sense?

1 Reply

Martin L
VIP

The fix right now is adding permit any any as your 3rd line, after your permit tcp xx.xxx 443.

Perhaps a better solution is to deny odd traffic in the listed http/https range and permit any any at the end.

"An implicit deny anything else" simply means that at the end of every ACL there is a hidden deny any any command. So, you put your permit lines up front at the top of the ACL (more specific lines first), before the implicit deny any any. Verify with show access-list or show ip access-list to see the ACL lines.

Or use an explicit permit any any at the end of the ACL while using deny xyz up front.

Regards, ML
**Please Rate All Helpful Responses **
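
An added example, not part of the original thread: a small simulation of first-match ACL evaluation with wildcard masks, run over the three ACL variants discussed above. The sample packets, the odd-address entry `0.0.0.1 255.255.255.254`, the deny-odd layout and all function names are assumptions made for illustration.

```python
import ipaddress

def wc_match(ip, base, wildcard):
    """Wildcard match: bits set to 1 in the wildcard are ignored."""
    i, b, w = (int(ipaddress.IPv4Address(x)) for x in (ip, base, wildcard))
    return (i ^ b) & ~w & 0xFFFFFFFF == 0

ANY = ("0.0.0.0", "255.255.255.255")
EVEN = ("0.0.0.0", "255.255.255.254")  # from the post: last bit must be 0
ODD = ("0.0.0.1", "255.255.255.254")   # assumption: last bit must be 1

def evaluate(acl, proto, src, dst, dport):
    """The first matching entry wins; no match falls to the implicit deny."""
    for action, a_proto, a_src, a_dst, a_port in acl:
        if a_proto not in ("ip", proto):
            continue
        if not (wc_match(src, *a_src) and wc_match(dst, *a_dst)):
            continue
        if a_port is not None and a_port != dport:
            continue
        return action
    return "deny"  # implicit deny any any

# ACL 107 as posted: only even-to-even web traffic is permitted.
ACL_POSTED = [("permit", "tcp", EVEN, EVEN, 80),
              ("permit", "tcp", EVEN, EVEN, 443)]
# Variant 1: the posted ACL with permit any any appended as the 3rd line.
ACL_PERMIT_ANY_THIRD = ACL_POSTED + [("permit", "ip", ANY, ANY, None)]
# Variant 2 (assumed layout): deny web traffic with an odd source or
# destination first, then an explicit permit any any at the end.
ACL_DENY_ODD_FIRST = [("deny", "tcp", s, d, p)
                      for s, d in ((ODD, ANY), (ANY, ODD)) for p in (80, 443)]
ACL_DENY_ODD_FIRST.append(("permit", "ip", ANY, ANY, None))

# Constructed sample packets: (protocol, source, destination, dest port)
PACKETS = [("tcp", "10.0.0.2", "10.0.1.4", 80),    # even host, web
           ("tcp", "10.0.0.3", "10.0.1.4", 80),    # odd host, web
           ("tcp", "10.0.0.3", "10.0.1.4", 22),    # odd host, non-web
           ("icmp", "10.0.0.2", "10.0.1.4", None)]  # non-TCP traffic

def decisions(acl):
    return [evaluate(acl, *pkt) for pkt in PACKETS]

if __name__ == "__main__":
    for name in ("ACL_POSTED", "ACL_PERMIT_ANY_THIRD", "ACL_DENY_ODD_FIRST"):
        print(f"{name:22}", decisions(globals()[name]))
```

Comparing the second packet across the three rows shows how entry order decides whether odd-address web traffic is still filtered once a permit any any is present.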
