Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
337
Views
4
Helpful
3
Replies

Access List Question

bijan.kianifard
Level 1
Level 1

‎05-13-2005 05:37 AM - edited ‎03-02-2019 10:45 PM

Hi,

I want to permit host 10.1.1.1 of network 10.1.1.0/24 on a a 2950 switch and deny all other hosts of this network.

Which one is correct?

deny ip 10.1.1.0 0.0.0.255 any

permit ip host 10.1.1.1 0.0.0.0 any

or

permit ip host 10.1.1.1 0.0.0.0 any

deny ip 10.1.1.0 0.0.0.255 any

Labels:
0 Helpful
3 Replies 3

paddyxdoyle
Level 6
Level 6

‎05-13-2005 05:48 AM

Almost, in extended ACL format its:

access-list 101 permit ip host 10.1.1.1 0.0.0.0 any

access-list 101 deny ip any any

However you could also use the standard format as i guess you are using this for VTY access to your switch

access-list 1 permit 10.1.1.1

access-list 1 deny any

HTH

Paddy

0 Helpful

gwes
Level 1
Level 1
In response to paddyxdoyle

‎05-13-2005 06:46 AM

This would be the correct syntax

# extenden access-list

access-list 101 permit ip host 10.1.1.1 any

or

access-list 101 permit ip 10.1.1.1 0.0.0.0 any

#Standard access-list

access-list 10 permit host 10.1.1.1

or

access-list 10 permit 10.1.1.1 0.0.0.0

Also the deny ip any any isn't necessary because there is an implicit deny at the end of each access-list. For logging reasons however I can imagine the someone would configure the "deny ip any any log" statement.

peterledwidge
Level 1
Level 1

‎05-13-2005 07:58 AM

Remember ACL's work in sequential order .

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a0080100548.shtml

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card