ACL not working in Cisco 3550

csawest.dc
Level 3

Dear Experts,

ACL not working in Cisco 3550.

current IOS : /c3550-i9q3l2-mz.121-22.EA9.bin"

I need to deny host 10.28.0.30 from my network.

my ACL :

ip access-list extended abc

deny ip any host 10.28.0.30

permit ip any any

int vlan 100

ip access-group abc out

ip access-group abc in

OR

ip access-list extended abc1

deny icmp any host 10.28.0.30 echo

permit ip any any

int vlan 100

ip access-group abc1 out

ip access-group abc1 in

Still I am able to ping this host from my network. I need to deny everything to this host (ping, telnet, etc.) from my network and my network through vlan 100.

So please help me: how can I solve this issue?

Thanks in ADV,

1 Accepted Solution


Nagendra Kumar Nainar
Cisco Employee

Hi,

Can you let us know in what direction you want to block the traffic? Is it originated from 10.28.0.30 or destined to 10.28.0.30?

Currently your ACL configuration seems to block traffic destined to 10.28.0.30. ACL normally will not affect the locally originated traffic. Try sending ICMP from some other device via this 3550 and see if it is blocked.

If you want to block everything to/from this device,

ip access-list extended abc

deny ip any host 10.28.0.30

deny ip host 10.28.0.30 any

permit ip any any

and apply the same under interface.

HTH,

Nagendra
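
An added example, not part of the original posts: a small Python model of top-down, first-match ACL evaluation, run over the three ACLs from this thread to show which packets each one stops. The addresses 10.28.0.50 and 10.28.0.60 are assumed; the model ignores interface direction (the thread applies the ACL both in and out on vlan 100) and handles only the entry forms used here.

```python
import ipaddress

def parse_ace(line):
    """Parse '<action> <proto> <src> <dst> [icmp-type]'; src/dst is 'any' or 'host A.B.C.D'."""
    action, proto, *rest = line.split()
    ends = []
    for _ in range(2):
        if rest[0] == "any":
            ends.append(None)
            rest = rest[1:]
        elif rest[0] == "host":
            ends.append(ipaddress.ip_address(rest[1]))
            rest = rest[2:]
        else:
            raise ValueError(f"unsupported address spec in: {line!r}")
    return action, proto, ends[0], ends[1], (rest[0] if rest else None)

def evaluate(acl, proto, src, dst, icmp_type=None, local_origin=False):
    """Top-down, first match wins, implicit deny at the end of the list."""
    if local_origin:
        # Modelled on the answer: the ACL does not affect traffic the switch itself originates.
        return "permit"
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for line in acl:
        action, p, s, d, t = parse_ace(line)
        if p not in ("ip", proto):
            continue
        if (s is not None and s != src) or (d is not None and d != dst):
            continue
        if t is not None and t != icmp_type:
            continue
        return action
    return "deny"

# ACLs as posted in the thread.
ORIGINAL = ["deny ip any host 10.28.0.30", "permit ip any any"]
ICMP_ONLY = ["deny icmp any host 10.28.0.30 echo", "permit ip any any"]
FIXED = ["deny ip any host 10.28.0.30", "deny ip host 10.28.0.30 any", "permit ip any any"]

# Constructed test packets; 10.28.0.50 and 10.28.0.60 are assumed hosts, not from the thread.
PACKETS = {
    "ping to host": ("icmp", "10.28.0.50", "10.28.0.30", "echo"),
    "telnet to host": ("tcp", "10.28.0.50", "10.28.0.30", None),
    "ping from host": ("icmp", "10.28.0.30", "10.28.0.50", "echo"),
    "other traffic": ("tcp", "10.28.0.50", "10.28.0.60", None),
}

def verdicts(acl):
    """Return the verdict for every constructed packet under one ACL."""
    return {name: evaluate(acl, *pkt) for name, pkt in PACKETS.items()}

if __name__ == "__main__":
    for name, acl in (("abc", ORIGINAL), ("abc1", ICMP_ONLY), ("abc (answer)", FIXED)):
        print(name, verdicts(acl))
```

Only the ACL from the answer denies traffic in both directions; abc1 stops echo requests to the host but still lets telnet through.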

Dear Naikumar,

Thanks a lot, this command which is given by you is working fine.

I am not able to ping from my network to this host.

Thanks mate, have a great support.

Cheers!!!
