Solved: Re: All traffic hangs when I apply a simple access-list

benlemasurier · ‎09-15-2010

Hey everyone,

I'm attempting to log all outbound SMTP traffic so I can monitor for things like spambots on the network. I've created the following simple access-list:

ip access-list extended SMTP

remark SMTP TRAFFIC

permit tcp any any eq smtp log

!

interface GigabitEthernet0/1

...

ip access-group SMTP in

!

However, as soon as I apply it to ge0/1 all traffic hangs. Any thoughts?

Nagaraja Thanthry · ‎09-15-2010

Hello,

By default the access-list will have an implicit deny policy. So, when you applied the access-list to the interface, all other traffic got denied implicitely. Please add another line to the access-list that allows all other traffic:

ip access-list extended SMTP
remark SMTP TRAFFIC
permit tcp any any eq smtp log
permit ip any any

Hope this helps.

Regards,

NT

View solution in original post

Nagaraja Thanthry · ‎09-15-2010

Hello,

By default the access-list will have an implicit deny policy. So, when you applied the access-list to the interface, all other traffic got denied implicitely. Please add another line to the access-list that allows all other traffic:

ip access-list extended SMTP
remark SMTP TRAFFIC
permit tcp any any eq smtp log
permit ip any any

Hope this helps.

Regards,

NT