Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
445
Views
0
Helpful
4
Replies

Named and numbered ACL

Go to solution
jonk34567
Level 4
Level 4

‎01-24-2017 08:28 AM - edited ‎03-08-2019 09:02 AM

i have attached my topology diagram below.in that i want to permit traffic from R2 (10.1.1.1/24 )  to R4 ( 20.1.1.2).i want to block all rest  of the traffic . so i entered below command on R1  

# access-list  100  permit  ip  host  10.1.1.1  host  20.1.1.2

#int fa 0/0

# ip access-group 100 in 

#end

but it doesnt work . i can not ping from R2 to  R4

Labels:
Preview file
31 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
paul driver
VIP
VIP

‎01-24-2017 09:55 AM

Hello

Do you have any dynamic routing active, if so you need to allow that through
Example:( depends on what IGP you are using)
access-list 100 permit ospf any any
access-list 100 permit udp any any eq rip
access-list 100 permit eigrp any any
access-list 100 permit ip host 10.1.1.1 any

R4
int fa0/0
ip access-group 100 in
no ip unreachables


res
Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

View solution in original post

0 Helpful
4 Replies 4

Go to solution
konstantinoschiotakis
Level 1
Level 1

‎01-24-2017 09:08 AM

Hi,

Do you have any routing protocol running or even static routes?

Were you able to successfully ping the interface before you applied the ACL?

If the answer for above is yes then try to source the ping with the 10.1.1.1 IP address.

Cheers,

0 Helpful

Go to solution
Mark Malone
VIP Alumni
VIP Alumni

‎01-24-2017 09:09 AM

Hi you can ping fine between 10.1.1.1 to 20.1.1.2 before you apply the acl yes ? 

0 Helpful

Go to solution
jonk34567
Level 4
Level 4
In response to Mark Malone

‎01-25-2017 12:25 AM

yes i can ping

0 Helpful

Go to solution
paul driver
VIP
VIP

‎01-24-2017 09:55 AM

Hello

Do you have any dynamic routing active, if so you need to allow that through
Example:( depends on what IGP you are using)
access-list 100 permit ospf any any
access-list 100 permit udp any any eq rip
access-list 100 permit eigrp any any
access-list 100 permit ip host 10.1.1.1 any

R4
int fa0/0
ip access-group 100 in
no ip unreachables


res
Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card