01-24-2017 08:28 AM - edited 03-08-2019 09:02 AM
I have attached my topology diagram below. In it, I want to permit traffic from R2 (10.1.1.1/24) to R4 (20.1.1.2). I want to block all the rest of the traffic, so I entered the commands below on R1:
# access-list 100 permit ip host 10.1.1.1 host 20.1.1.2
#int fa 0/0
# ip access-group 100 in
#end
But it doesn't work. I cannot ping from R2 to R4.
01-24-2017 09:55 AM
Hello
Do you have any dynamic routing active? If so, you need to allow that through.
Example (depends on what IGP you are using):
access-list 100 permit ospf any any
access-list 100 permit udp any any eq rip
access-list 100 permit eigrp any any
access-list 100 permit ip host 10.1.1.1 any
R4
int fa0/0
ip access-group 100 in
no ip unreachables
res
Paul
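Added example, not part of the original thread or any poster's code: a small first-match evaluator that runs the one-line ACL from the question and the four-line ACL from the reply above against constructed packets, showing that the implicit deny at the end of the one-line list drops IGP traffic while the ping itself matches. It assumes R2's routing packets arrive inbound on the filtered interface with source 10.1.1.1, handles only the `any` and `host` address forms used in the thread, and uses 10.1.1.77 as a made-up extra host.

```python
import ipaddress

PROTO = {"ip": None, "icmp": 1, "udp": 17, "eigrp": 88, "ospf": 89}  # IP protocol numbers
PORTS = {"rip": 520}                                                  # IOS port keyword

def _addr(tok):
    word = tok.pop(0)                          # "any" or "host A.B.C.D"
    if word == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if word == "host":
        return ipaddress.ip_network(tok.pop(0) + "/32")
    raise ValueError("address form not handled: " + word)

def parse_ace(line):
    tok = line.split()[2:]                     # drop "access-list 100"
    action, proto = tok.pop(0), tok.pop(0)
    src, dst = _addr(tok), _addr(tok)
    port = PORTS[tok[1]] if tok[:1] == ["eq"] else None   # "eq" here = destination port
    return action, PROTO[proto], src, dst, port

def evaluate(acl, pkt):
    # First matching entry wins; no match means the implicit "deny ip any any".
    for action, proto, src, dst, port in map(parse_ace, acl):
        if ((proto is None or proto == pkt["proto"])
                and ipaddress.ip_address(pkt["src"]) in src
                and ipaddress.ip_address(pkt["dst"]) in dst
                and (port is None or pkt.get("dport") == port)):
            return action
    return "deny"

ORIGINAL = ["access-list 100 permit ip host 10.1.1.1 host 20.1.1.2"]
SUGGESTED = ["access-list 100 permit ospf any any",
             "access-list 100 permit udp any any eq rip",
             "access-list 100 permit eigrp any any",
             "access-list 100 permit ip host 10.1.1.1 any"]

# Constructed inbound packets; multicast destinations are the standard IGP groups.
PACKETS = {
    "ping":  {"proto": 1,  "src": "10.1.1.1", "dst": "20.1.1.2"},
    "ospf":  {"proto": 89, "src": "10.1.1.1", "dst": "224.0.0.5"},
    "rip":   {"proto": 17, "src": "10.1.1.1", "dst": "224.0.0.9", "dport": 520},
    "eigrp": {"proto": 88, "src": "10.1.1.1", "dst": "224.0.0.10"},
    "other": {"proto": 1,  "src": "10.1.1.77", "dst": "20.1.1.2"},  # constructed host
}

def verdicts(acl):
    return {name: evaluate(acl, pkt) for name, pkt in PACKETS.items()}

print({"original": verdicts(ORIGINAL), "suggested": verdicts(SUGGESTED)})
```

On a router, `show access-lists 100` gives the per-entry match counters that correspond to these verdicts.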
01-24-2017 09:08 AM
Hi,
Do you have any routing protocol running or even static routes?
Were you able to successfully ping the interface before you applied the ACL?
Cheers,
01-24-2017 09:09 AM
Hi, you can ping fine between 10.1.1.1 and 20.1.1.2 before you apply the ACL, yes?
01-25-2017 12:25 AM
Yes, I can ping.