Re: Deny one source network to another destination network

Arun Muraleedharan · ‎07-12-2018

Here I just tried to deny network 6.6.6.6/32 in 200.100.50.1/32(both are loopbacks created in R3 and R1 respectively) and 200.100.50.1/32 in 6.6.6.6/32(two way denial).I want to permit all other networks. But it didn't work.I have attatched the configuration file.Can anybody please help me finding out the mistake i have done.Thanks in advance.

Jon Marshall · ‎07-12-2018

Your description does not match your configuration files.

What exactly are you trying to do ?

Note on R3 your acl is applied in the wrong direction.

Jon

Arun Muraleedharan · ‎07-13-2018

Thanks Mr.Jon Marshall for responding to my query.

Actually I want to stop communication between 200.100.50.1/32 and 6.6.6.6/32 in both direction allowing all other communication.I have done changing direction of ACL application on interface(R3's in s1/1) to 'in'.But at that time neighborship between R2 n R3 went down.Do I need to apply a similar ACL at R1 by interchanging source and destination ip for this?Can you please mention how the ACL will look like?

a.alekseev · ‎07-13-2018

no access-list 110
access-list 110 deny ip 6.6.6.6 0.0.0.0 192.168.10.0 0.0.0.255
access-list 110 permit ip any any