07-08-2008 06:42 AM - edited 03-06-2019 12:04 AM
I could just test this in the lab, but I want to run it by you guys... I created an extended ACL with a deny as the first line, and permits thereafter... will that work?
ip access-list extended test
 deny tcp host 10.75.50.50 any eq www
 permit icmp any any echo
 permit icmp any any echo-reply
 permit ip any any
thanks in advance
07-08-2008 06:50 AM
It will block all TCP 80 traffic sourcing from host 10.75.50.50, but all other traffic will be allowed. Also you don't need the icmp permits, the ip any any covers icmp too (unless you're doing it for hit counts).
Hope that helps.
07-08-2008 06:51 AM
sweet...just what i thought...thanks
07-08-2008 06:51 AM
Yes this will work. This will block 10.75.50.50 from using web access.
Mark
07-08-2008 06:56 AM
Yes you can put a deny first.
In your case it will deny 10.75.50.50 access to port 80 on any server.
However I do not think you need the ICMP lines, unless you want logging on that specific instance. The IP any any covers that too.
If you want logging then just add log at the end of the line.
07-08-2008 09:40 AM
oh yeah, what always gets me is the "in" "out" statement on the interface...
i just tested this out and it's the "in" statement that makes this acl work...
07-08-2008 09:51 AM
You are correct. To make this ACL work it needs to be placed inbound because you are denying traffic coming into the router or switch. Here is a guide that will help you decide which direction to place the ACL.
Mark
07-09-2008 06:12 AM
thanks, that always confuses me...
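Added example, not part of the original thread: a simplified Python model of first-match ACL evaluation, run over the ACL from the question (written with the `eq` port operator) and constructed sample packets. It shows that dropping the ICMP permits changes only the per-line hit counts, not the verdicts. It handles only the entry forms used in this thread; the destination 192.0.2.10 and all function names are assumptions.

```python
from ipaddress import ip_address

# ACL from the thread; "eq" is the port operator that precedes "www".
ACL = """deny tcp host 10.75.50.50 any eq www
permit icmp any any echo
permit icmp any any echo-reply
permit ip any any"""
PORTS = {"www": 80}

def _addr(tok):
    """Consume 'any' or 'host A.B.C.D'; return (address or None, remaining tokens)."""
    if tok[0] == "any":
        return None, tok[1:]
    return ip_address(tok[1]), tok[2:]  # 'host A.B.C.D'

def parse(text):
    entries = []
    for line in text.splitlines():
        tok = line.split()
        src, rest = _addr(tok[2:])
        dst, rest = _addr(rest)
        port = (PORTS.get(rest[1]) or int(rest[1])) if rest[:1] == ["eq"] else None
        icmp = rest[0] if tok[1] == "icmp" and rest else None
        entries.append(dict(line=line, action=tok[0], proto=tok[1], src=src,
                            dst=dst, port=port, icmp=icmp, hits=0))
    return entries

def evaluate(entries, pkt):
    """Return the action of the first matching entry and bump its hit count."""
    for e in entries:
        if (e["proto"] in ("ip", pkt["proto"])
                and e["src"] in (None, ip_address(pkt["src"]))
                and e["dst"] in (None, ip_address(pkt["dst"]))
                and e["port"] in (None, pkt.get("dport"))
                and e["icmp"] in (None, pkt.get("icmp"))):
            e["hits"] += 1
            return e["action"]
    return "deny"  # implicit deny at the end of every ACL

# Constructed sample packets (documentation-range destination address).
PACKETS = [
    dict(proto="tcp", src="10.75.50.50", dst="192.0.2.10", dport=80),
    dict(proto="tcp", src="10.75.50.50", dst="192.0.2.10", dport=443),
    dict(proto="tcp", src="10.75.50.51", dst="192.0.2.10", dport=80),
    dict(proto="icmp", src="10.75.50.50", dst="192.0.2.10", icmp="echo"),
]

def verdicts(text):
    """Evaluate PACKETS in order; return (actions, per-entry hit counts)."""
    entries = parse(text)
    return [evaluate(entries, p) for p in PACKETS], [e["hits"] for e in entries]

if __name__ == "__main__":
    print(verdicts(ACL))
    print(verdicts("\n".join(l for l in ACL.splitlines() if " icmp " not in l)))
```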