Re: IP Access Lists

kpatoli · ‎05-12-2002

When I am going to stop some host, subnet or network from accessing a network , subnet or host, the communication blocks from both the side, i.e, source and destinatioin.

Also when I apply extended access list to block telnet, the ping does not work?

Kindly help me out this problem.

Thanks

e-see · ‎05-12-2002

Post you config (take out passwords & real IP addresses).

kpatoli · ‎05-13-2002

the configuration is as under:

Router 1 Ethernet 0= 172.16.10.1

Host 1A = 172.16.10.3

Host 2A = 172.16.10.4

Router 1 Serial 0 = 172.16.11.1

Router 2 Serial 0 = 172.16.11.2

Router 2 Ethenet 0 = 172.16.12.1

Host 1B = 172.16.12.3

Host 2B = 172.16.12.4

When I restrict Host 1B by following access list, communication from both source and destination stops:

access-list 110 deny tcp host 172.16.12.3 172.16.10.0 0.0.0.255 eq telnet log

and applies it on the Serial 0 on Router 1 as

ip access-group 110 in

Though the source is unable to telnet the 172.16.10.0 subnet but the vice versa is also true.

Kindly help me out.

Thanks

gspencer · ‎05-13-2002

Remember there is an implicit deny at the end of an access-list. If this is the router will only execute this line and also deny all other traffic whit the implicit deny as mention before. So you will have to add this command

access-list 110 permit ip any any

Hope this helps.

kpatoli · ‎05-13-2002

I already applied this list but did not mentioned in my config

access-list 110 permit ip any any

the problem still persists. You cannot ping from the source to the destination and vice versa

Thanks