Beginner ACL question...

Apr 16th, 2009

Beginner ACL/school issue...

Attached is my topology....

I want to prevent the network from being able to reach

the network, this I had accomplished in the ACL.

However I thought I should be able to ping from the R3 network over to the R1 network, I am unable to. Why is this?

Here are parts of my config and ACL...

R2#sh run int s0/0

Building configuration...

Current configuration : 160 bytes


interface Serial0/0

ip address

ip access-group LAN_R1_PREVENT in

ip accounting output-packets

ip accounting access-violations



R2#sh access-l

Extended IP access list LAN_R1_PREVENT

10 permit ospf any any log (77 matches)

20 deny icmp log (17 matches)

30 permit icmp any any log (4 matches)

40 permit icmp any any echo-reply

50 permit icmp any any time-exceeded

60 permit icmp any any packet-too-big

70 deny ip log

80 deny ip any any

90 deny tcp any any

100 deny udp any any


I am going to speculate that (when pinging from PC3) the packet is making it to the network but is unable to make it back to the pinging host due to the ACL, is this correct?

Note that when I take down the ACL the pings work just fine.

Here is the output on R2 when I attempt to ping from

*Mar 1 07:10:54.379: %SEC-6-IPACCESSLOGDP: list LAN_R1_PREVENT denied icmp -> (8/0), 4 packets

From PC3 I can ping all the way up to

Thank you


Overall Rating: 5 (1 ratings)
Edison Ortiz Thu, 04/16/2009 - 19:02

Try this ACL

ip access-list extended LAN_R1_PREVENT

permit ospf any any

permit icmp echo-reply

deny icmp

deny ip any any
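
How entry order decides the outcome in the ACL suggested above, shown as an added example that is not part of the original post: a small first-match evaluator in Python. The 10.1.1.0/24 and 10.3.3.0/24 networks, the host addresses, and the assumption that R1's LAN is the side arriving on the filtered interface are all constructed, since the thread's real addresses are not shown.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed addressing: the thread's real networks are not shown on the page.
R1_LAN = ipaddress.ip_network("10.1.1.0/24")  # assumed side arriving on R2 s0/0
R3_LAN = ipaddress.ip_network("10.3.3.0/24")  # assumed network being protected
ANY = ipaddress.ip_network("0.0.0.0/0")
ECHO_REPLY, ECHO = 0, 8                       # ICMP type numbers

@dataclass
class Ace:
    action: str                       # "permit" or "deny"
    proto: str                        # "ip" matches every protocol
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    icmp_type: Optional[int] = None   # None matches any ICMP type

    def matches(self, pkt):
        if self.proto not in ("ip", pkt["proto"]):
            return False
        if self.icmp_type is not None and pkt.get("icmp_type") != self.icmp_type:
            return False
        return (ipaddress.ip_address(pkt["src"]) in self.src
                and ipaddress.ip_address(pkt["dst"]) in self.dst)

def evaluate(acl, pkt):
    """First match wins: return (action, 1-based entry number)."""
    for n, ace in enumerate(acl, 1):
        if ace.matches(pkt):
            return ace.action, n
    return "deny", 0                  # implicit deny that ends every IOS ACL

# The suggested ACL, with the constructed networks filled in.
SUGGESTED = [
    Ace("permit", "ospf", ANY, ANY),
    Ace("permit", "icmp", R1_LAN, R3_LAN, ECHO_REPLY),
    Ace("deny", "icmp", R1_LAN, R3_LAN),
    Ace("deny", "ip", ANY, ANY),
]
# Same entries with the broad ICMP deny placed ahead of the echo-reply permit.
DENY_FIRST = [SUGGESTED[0], SUGGESTED[2], SUGGESTED[1], SUGGESTED[3]]

# Constructed packets arriving inbound on the filtered interface.
REPLY = {"proto": "icmp", "src": "10.1.1.10", "dst": "10.3.3.10", "icmp_type": ECHO_REPLY}
REQUEST = {**REPLY, "icmp_type": ECHO}
OSPF = {"proto": "ospf", "src": "10.0.12.1", "dst": "224.0.0.5"}

if __name__ == "__main__":
    for name, acl in (("suggested", SUGGESTED), ("deny first", DENY_FIRST)):
        for label, pkt in (("echo-reply", REPLY), ("echo", REQUEST), ("ospf", OSPF)):
            print(f"{name:10} {label:10} -> {evaluate(acl, pkt)}")
```

With the echo-reply permit first, replies to pings started on the protected side get through while echo requests from the filtered side are dropped; with the broad deny first, the replies are dropped too.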




jimmysands73_2 Sat, 04/18/2009 - 12:23

My issue has been fixed, I read the original problem wrong...thanks for your assistance.

