06-23-2010 04:30 AM - edited 03-06-2019 11:43 AM
Dear Experts,
ACL not working in cisco 3550.
current IOS : /c3550-i9q3l2-mz.121-22.EA9.bin"
I need to deny host 10.28.0.30 from my network.
my ACL :
ip access-list extended abc
deny ip any host 10.28.0.30
permit ip any any
int vlan 100
ip access-group abc out
ip access-group abc in
OR
ip access extended abc1
deny icmp any host 10.28.0.30 echo
permit ip any any
int vlan 100
ip access-group abc1 out
ip access-group abc1 in
Still i am able to ping this host from my network, i need deny everything to this host ( ping , telnet, etc) from my network and my network throug vlan 100.
So please help me how can i solve this issue.
Thanks in ADV,
Solved! Go to Solution.
06-23-2010 04:41 AM
Hi,
Can you let us know in what direction you want to block the traffic?. Is it originated from 10.28.0.30 or destinated to 10.28.0.30?.
Currently your ACL configuration seems to block traffic destinated to 10.28.0.30. ACL normally will not affect the locally originated traffic. Try sending ICMP from some other device via this 3550 and see if it is blocked.
If you want to block everything to/from this device,
ip access-list extended abc
deny ip any host 10.28.0.30
deny ip host 10.28.0.30 any
permit ip any any
and apply the same under interface.
HTH,
Nagendra
06-23-2010 04:41 AM
Hi,
Can you let us know in what direction you want to block the traffic?. Is it originated from 10.28.0.30 or destinated to 10.28.0.30?.
Currently your ACL configuration seems to block traffic destinated to 10.28.0.30. ACL normally will not affect the locally originated traffic. Try sending ICMP from some other device via this 3550 and see if it is blocked.
If you want to block everything to/from this device,
ip access-list extended abc
deny ip any host 10.28.0.30
deny ip host 10.28.0.30 any
permit ip any any
and apply the same under interface.
HTH,
Nagendra
06-23-2010 05:01 AM
Dear Naikumar,
Thanks a lot , this command which is given by you, it's working fine.
I am not able to ping from my network to this host.
Thanks mate, have a great support.
Cheers!!!
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: