05-13-2005 05:37 AM - edited 03-02-2019 10:45 PM
Hi,
I want to permit host 10.1.1.1 of network 10.1.1.0/24 on a 2950 switch and deny all other hosts of this network.
Which one is correct?
deny ip 10.1.1.0 0.0.0.255 any
permit ip host 10.1.1.1 0.0.0.0 any
or
permit ip host 10.1.1.1 0.0.0.0 any
deny ip 10.1.1.0 0.0.0.255 any
05-13-2005 05:48 AM
Almost, in extended ACL format it's:
access-list 101 permit ip host 10.1.1.1 0.0.0.0 any
access-list 101 deny ip any any
However, you could also use the standard format, as I guess you are using this for VTY access to your switch:
access-list 1 permit 10.1.1.1
access-list 1 deny any
HTH
Paddy
05-13-2005 06:46 AM
This would be the correct syntax
# Extended access-list
access-list 101 permit ip host 10.1.1.1 any
or
access-list 101 permit ip 10.1.1.1 0.0.0.0 any
# Standard access-list
access-list 10 permit host 10.1.1.1
or
access-list 10 permit 10.1.1.1 0.0.0.0
Also the deny ip any any isn't necessary because there is an implicit deny at the end of each access-list. For logging reasons, however, I can imagine that someone would configure the "deny ip any any log" statement.
05-13-2005 07:58 AM
Remember ACLs work in sequential order.
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a0080100548.shtml
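Added example, not written by any poster in this thread: a small Python model of first-match ACL evaluation with wildcard masks and the implicit deny, run over the two orderings from the original question. It is a simplified model rather than IOS itself: it matches only the source field, assumes the destination is always "any", and writes the host entry in the `host 10.1.1.1 any` form given in the later reply; the function and variable names are hypothetical.

```python
import ipaddress

def parse_ace(line):
    """Parse 'permit|deny ip <src> any'; <src> is 'any', 'host A' or 'A WILDCARD'."""
    tok = line.split()
    action, src = tok[0], tok[2:]
    if src[0] == "any":
        addr, wild = "0.0.0.0", "255.255.255.255"
    elif src[0] == "host":
        addr, wild = src[1], "0.0.0.0"
    else:
        addr, wild = src[0], src[1]
    return action, int(ipaddress.IPv4Address(addr)), int(ipaddress.IPv4Address(wild))

def evaluate(acl_lines, src_ip):
    """Return (action, index of the matching entry); index None = implicit deny."""
    s = int(ipaddress.IPv4Address(src_ip))
    for i, line in enumerate(acl_lines):
        action, addr, wild = parse_ace(line)
        care = ~wild & 0xFFFFFFFF      # wildcard bit 0 = must match, 1 = ignore
        if (s & care) == (addr & care):
            return action, i           # first match wins, later entries are never read
    return "deny", None                # nothing matched: implicit deny at the end

# The two orderings from the question (constructed from the thread's own entries).
DENY_FIRST = [
    "deny ip 10.1.1.0 0.0.0.255 any",
    "permit ip host 10.1.1.1 any",
]
PERMIT_FIRST = [
    "permit ip host 10.1.1.1 any",
    "deny ip 10.1.1.0 0.0.0.255 any",
]

if __name__ == "__main__":
    for name, acl in (("deny first", DENY_FIRST), ("permit first", PERMIT_FIRST)):
        for ip in ("10.1.1.1", "10.1.1.2", "10.2.2.2"):
            action, idx = evaluate(acl, ip)
            where = "implicit deny" if idx is None else f"entry {idx + 1}"
            print(f"{name:12} {ip:10} -> {action:6} ({where})")
```

With the deny entry first, 10.1.1.1 is caught by the /24 deny and the permit is never reached; with the permit first, only 10.1.1.1 passes and everything else falls to the explicit or implicit deny.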