cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
182
Views
5
Helpful
2
Replies
Highlighted
Participant

Why this access-list keeps blocking other hosts ?

I have a C2610 running IOS12.3.

I want to deny icmp from my serverA to the e0/0 interface in the C2610.

e0/0 IP=192.168.2.19.

I do:

#config t

#int e0/0

ip access-group 101 in

#config t

access-list 101 deny icmp host 192.168.2.19 host 192.168.2.61

Then I attempt to ping from 192.168.2.19 and icmp traffic is blocked - OK.

The problem is that I go to another serverB, IP=192.168.2.8 and that one also is getting icmp blocked. What am I doing wrong ?

2 REPLIES 2
Highlighted
Enthusiast

Don't forget the implicit Deny ip any any at the end of every access-list.

You will need to add a line to allow ip any any if you want other traffic to pass.

Let me know if this helps.

Highlighted

You are guys are rocking. Thanks Michael. That was it.

Content for Community-Ad