
1841 ACL Issue

m-hossainagri
Level 1

Hi,

We have a 1841 router. We can ping its interface and the network beyond it when the ACL is applied to the interface, and when the ACL is removed we can just communicate with the router and the network beyond is completely disconnected.

The ACL contains one line: permit ip any any

For testing purposes we have replaced the router with a new one, and the problem still exists.

Can anyone help, please?

Thanks in advance

Accepted Solution

Hi

I have issued the commands below and the problem is solved:

int f0/0

no ip cef

no ip proxy-arp

 


13 Replies

Seb Rupik
VIP Alumni

Hi there,

Please can you share the running config of the router?

 

cheers,

Seb.

Hello


@m-hossainagri wrote:

Hi

We have a 1841 router. We can ping its interface and the network beyond it when the ACL is applied to the interface, and when the ACL is removed we can just communicate with the router and the network beyond is completely disconnected.

The ACL contains one line: permit ip any any

 


Can you post the configuration of the router with this ACL attached, please? Sounds like your ACL is tied to network translation.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

m-hossainagri
Level 1

Thanks for the reply

Hi there,

The ACL ETHERNET_IN contains only one ACE:

ip access-list extended ETHERNET_IN
 permit ip any any log

...if you remove the only permit statement, you essentially have an implicit deny all ACE. This is why you cannot reach beyond the interface.

If you want to remove the ACE, you also need to remove it from the interface:

!
interface FastEthernet0/0
 no ip access-group ETHERNET_IN in
!

cheers,

Seb.

I think you get it wrong. When I remove the ACL from the interface, the network is disconnected:

!
interface FastEthernet0/0
 no ip access-group ETHERNET_IN in
!

When I do the above command there should be no filtering, but instead everything gets disconnected.

Hello


@m-hossainagri wrote:

I think you get it wrong. When I remove the ACL from the interface, the network is disconnected:

!
interface FastEthernet0/0
 no ip access-group ETHERNET_IN in
!

When I do the above command there should be no filtering, but instead everything gets disconnected.


Not sure how this can be; the ACL ETHERNET_IN is allowing everything anyway and it isn't tied to anything else, so without it applied to that interface all traffic will continue to be allowed, so nothing should be impeded.



Kind Regards
Paul

Hmmm, I agree with @paul driver. For our sanity, can you provide the output of:

sh ip int fa0/0

 

...when the access-group is both applied and removed.

 

cheers,

Seb.

FastEthernet0/0 is up, line protocol is up
Internet address is 10.7.120.5/24
Broadcast address is 255.255.255.255
Address determined by non-volatile memory
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Multicast reserved groups joined: 224.0.0.2 224.0.0.5 224.0.0.6
Outgoing access list is not set
Inbound access list is ETHERNET_IN
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is disabled
IP Flow switching is disabled
IP CEF switching is enabled
IP CEF Feature Fast switching turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast, CEF
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Policy routing is disabled
Network address translation is disabled
BGP Policy Mapping is disabled
WCCP Redirect outbound is disabled
WCCP Redirect inbound is disabled
WCCP Redirect exclude is disabled

...
Outgoing access list is not set
Inbound access list is ETHERNET_IN
...

...OK and what is the output with the ACL removed from the interface?

We don't have an output ACL.

The funny part is that when we remove the inside ACL as well, everything will be discarded.

I meant remove the ACL:

!
interface FastEthernet0/0
 no ip access-group ETHERNET_IN in
!

...and then share the output of sh ip int fa0/0  

 

I just want to see the router confirming that no ACL is set.

FastEthernet0/0 is up, line protocol is up
Internet address is 10.7.120.5/24
Broadcast address is 255.255.255.255
Address determined by non-volatile memory
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Multicast reserved groups joined: 224.0.0.2 224.0.0.5 224.0.0.6
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is disabled
IP Flow switching is disabled
IP CEF switching is enabled
IP CEF Fast switching turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast, CEF
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Policy routing is disabled
Network address translation is disabled
BGP Policy Mapping is disabled
WCCP Redirect outbound is disabled
WCCP Redirect inbound is disabled
WCCP Redirect exclude is disabled
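
Added example (not part of any post in this thread): a short Python script that parses the two "sh ip int fa0/0" captures above and lists the lines that differ between them. The sample text is excerpted from those captures, and the function names parse and diff are illustrative.

```python
import re

# Excerpts from the two "sh ip int fa0/0" captures posted in the thread,
# trimmed to a few lines; the full captures parse the same way.
WITH_ACL = """\
FastEthernet0/0 is up, line protocol is up
Internet address is 10.7.120.5/24
Outgoing access list is not set
Inbound access list is ETHERNET_IN
Proxy ARP is enabled
IP CEF switching is enabled
IP CEF Feature Fast switching turbo vector
IP route-cache flags are Fast, CEF
"""
WITHOUT_ACL = """\
FastEthernet0/0 is up, line protocol is up
Internet address is 10.7.120.5/24
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
IP CEF switching is enabled
IP CEF Fast switching turbo vector
IP route-cache flags are Fast, CEF
"""

def parse(text):
    """Map 'NAME is/are VALUE' lines to {NAME: VALUE}; other lines become flags."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = re.match(r"(.+?) (?:is|are) (.+)$", line)
        if m:
            settings[m.group(1)] = m.group(2)
        else:
            settings[line] = True   # line with no is/are, kept as a flag
    return settings

def diff(before, after):
    """Return (name, value_before, value_after) for every setting that differs."""
    a, b = parse(before), parse(after)
    return [(k, a.get(k), b.get(k)) for k in sorted(a.keys() | b.keys())
            if a.get(k) != b.get(k)]

if __name__ == "__main__":
    for name, old, new in diff(WITH_ACL, WITHOUT_ACL):
        print(f"{name}: {old!r} -> {new!r}")
```

On these excerpts the diff reports the inbound access list line and the CEF vector line, which carries the word "Feature" only while the ACL is applied. Proxy ARP and IP CEF switching read "enabled" in both captures.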

Hi

I have issued the commands below and the problem is solved:

int f0/0

no ip cef

no ip proxy-arp

 
