access control list

I have three routers and three subnets

 

Central router has the following ACL

access-list 20 deny host 185.140.150.1

access-list 20 deny host 175.100.125.1

access-list 20 deny host 192.168.10.1

access-list 20 permit any


When I ping from 185.140.150.1 to 175 and 192 the ping should be blocked, but

 

C:\>ping 175.100.125.1

Pinging 175.100.125.1 with 32 bytes of data:

Reply from 175.100.125.1: bytes=32 time=13ms TTL=125
Reply from 175.100.125.1: bytes=32 time=16ms TTL=125
Reply from 175.100.125.1: bytes=32 time=2ms TTL=125
Reply from 175.100.125.1: bytes=32 time=2ms TTL=125

Ping statistics for 175.100.125.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 2ms, Maximum = 16ms, Average = 8ms

C:\>ping 192.168.10.1

Pinging 192.168.10.1 with 32 bytes of data:

Reply from 15.1.1.2: Destination host unreachable.
Reply from 15.1.1.2: Destination host unreachable.
Reply from 15.1.1.2: Destination host unreachable.
Reply from 15.1.1.2: Destination host unreachable.




When I ping from 175.100.125.1




C:\>ping 185.140.150.1

Pinging 185.140.150.1 with 32 bytes of data:

Reply from 185.140.150.1: bytes=32 time=14ms TTL=125
Reply from 185.140.150.1: bytes=32 time=14ms TTL=125
Reply from 185.140.150.1: bytes=32 time=2ms TTL=125
Reply from 185.140.150.1: bytes=32 time=2ms TTL=125

Ping statistics for 185.140.150.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 2ms, Maximum = 14ms, Average = 8ms

C:\>ping 192.168.10.1

Pinging 192.168.10.1 with 32 bytes of data:

Reply from 16.1.1.1: Destination host unreachable.
Reply from 16.1.1.1: Destination host unreachable.
Reply from 16.1.1.1: Destination host unreachable.
Reply from 16.1.1.1: Destination host unreachable.


Why is traffic being allowed between the 185 and 175 subnets?


Hi all

 

Thanks for the support today. I am beginning to get to grips with this now. Applying to an interface with in / out. The trainer said that this command should be used as follows:

OUT - any traffic not belonging to a NETWORK is out

IN - any traffic belonging to a NETWORK is in

This is what threw me. I now understand that deny and allow are the correct terms based on subnet, and application of the ACL can be done at any interface based on in/out.

 

Sorry, I have had some poor training here, obviously.

One last question about the IOS syntax I can't find an answer for.

 

Why use

any any 

and not just

any

 

Why use the any command twice?

Any any

Meaning 

Any source 

Any destination

There are two types of ACL.

One: a standard ACL uses only the source <- here we use

permit ip any

The other: an extended ACL uses source and destination <- here we use

permit ip any any
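As an added illustration (not code from this thread), the following Python evaluator mirrors how a standard numbered ACL such as ACL 20 is matched: only the source address is compared, `host` matches exactly one address, and the first matching entry wins, with an implicit deny at the end. ACL 120 and the address 185.140.150.10 used below are constructed for comparison; the evaluator also assumes the ACL has actually been applied to an interface with `ip access-group`, which the thread never shows.

```python
import ipaddress
from collections import namedtuple

# One ACL entry; dst is None for standard-ACL entries, which match the source only.
Entry = namedtuple("Entry", "action src dst")

def _parse_addr(tokens):
    """Consume one address spec: 'any', 'host A.B.C.D' or 'A.B.C.D WILDCARD'."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    # Address followed by a wildcard mask; ip_network accepts the hostmask form.
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}", strict=False), tokens[2:]

def parse_acl(text):
    """Parse 'access-list N ...' lines into {N: [Entry, ...]} in configuration order."""
    acls = {}
    for line in text.strip().splitlines():
        tokens = line.split()
        if len(tokens) < 4 or tokens[0] != "access-list":
            continue
        number, action, rest = int(tokens[1]), tokens[2], tokens[3:]
        if 1 <= number <= 99:                   # standard ACL: only the source is checked
            src, rest = _parse_addr(rest)
            dst = None
        else:                                   # extended ACL: protocol, source, destination
            src, rest = _parse_addr(rest[1:])   # rest[0] is the protocol keyword (ip, icmp, ...)
            dst, rest = _parse_addr(rest)
        acls.setdefault(number, []).append(Entry(action, src, dst))
    return acls

def evaluate(entries, src_ip, dst_ip):
    """First matching entry wins; every ACL ends with an implicit 'deny any'."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for e in entries:
        if src in e.src and (e.dst is None or dst in e.dst):
            return e.action
    return "deny"

# The thread's ACL 20 as posted, plus a constructed extended ACL 120 for comparison.
ACLS = parse_acl("""
access-list 20 deny host 185.140.150.1
access-list 20 deny host 175.100.125.1
access-list 20 deny host 192.168.10.1
access-list 20 permit any
access-list 120 deny ip 185.140.150.0 0.0.0.255 175.100.125.0 0.0.0.255
access-list 120 permit ip any any
""")
```

Run against ACL 20, a packet from 185.140.150.1 to 175.100.125.1 is denied, but one from the constructed host 185.140.150.10 to the same destination is permitted, because each `deny host` entry matches a single address rather than the subnet; only the extended ACL 120 expresses "this subnet to that subnet".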