
Access-list isn't working

rcpoemrvt
Level 1

I want no packet to leave f0/0 (R2).

 

These are my configurations:

R1:

!
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
!

R2:

!
interface FastEthernet0/0
 ip address 192.168.1.2 255.255.255.0
 ip access-group 101 out
!
access-list 101 deny ip any any
!

Accepted Solutions

Given the configs shown in the original post R2 will be able to ping R1 and I am guessing that this (or something very similar) is what leads the original poster to say that the ACL is not working.

 

The issue here is that an access list applied outbound on an interface will not process traffic that is generated by the router itself. The ACL shown will be very effective in preventing transit traffic (traffic that came from somewhere to R2 and to be forwarded out f0/0). But it will not work on packets generated by R2.

 

HTH

 

Rick
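
The behaviour described in the accepted answer, as an added example that is not part of the original thread: a simplified Python model of first-match ACL evaluation that uses the thread's addresses and ACL 101. The transit source 10.0.0.5 and the idea of applying the same ACL inbound on R1 are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address

@dataclass(frozen=True)
class Ace:
    action: str  # "permit" or "deny"
    src: str     # "any", "host A.B.C.D" or "A.B.C.D wildcard"
    dst: str

def matches(spec, addr):
    """Match an address against an ACL address spec (wildcard 1-bits = don't care)."""
    if spec == "any":
        return True
    parts = spec.split()
    base, wildcard = (parts[1], "0.0.0.0") if parts[0] == "host" else parts
    care = ~int(IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(IPv4Address(base)) & care) == (int(IPv4Address(addr)) & care)

def acl_permits(acl, src, dst):
    """First matching entry wins; every ACL ends with an implicit deny."""
    for ace in acl:
        if matches(ace.src, src) and matches(ace.dst, dst):
            return ace.action == "permit"
    return False

def egress(acl_out, src, dst, locally_generated):
    """Outbound ACL on the sending router: router-originated packets bypass it."""
    if locally_generated or acl_out is None:
        return True
    return acl_permits(acl_out, src, dst)

def ingress(acl_in, src, dst):
    """Inbound ACL on the receiving router: checked for every arriving packet."""
    return acl_in is None or acl_permits(acl_in, src, dst)

ACL_101 = [Ace("deny", "any", "any")]  # access-list 101 deny ip any any
R1, R2 = "192.168.1.1", "192.168.1.2"
TRANSIT_SRC = "10.0.0.5"               # constructed host behind R2, not from the thread

def demo():
    return {
        "ping_from_r2_leaves_f0/0": egress(ACL_101, R2, R1, locally_generated=True),
        "transit_packet_leaves_f0/0": egress(ACL_101, TRANSIT_SRC, R1, locally_generated=False),
        "ping_from_r2_passes_acl_inbound_on_r1": ingress(ACL_101, R2, R1),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

On the routers themselves, the match counters in `show access-lists 101` on R2 show the same split: they increase for transit traffic but not for pings sourced from R2.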

2 Replies

mukeshcu1
Level 1

Hello rcpoemrvt,

You have applied the access-list on R2's FastEthernet0/0 interface in the outbound direction.

This configuration is perfect. Please let me know how you are checking and what issue you are facing.

Also check whether you are getting hits on the access-list or not.
