All traffic hangs when I apply a simple access-list

Answered Question
Sep 15th, 2010

Hey everyone,


I'm attempting to log all outbound SMTP traffic so I can monitor for things like spambots on the network. I've created the following simple access-list:



ip access-list extended SMTP
remark SMTP TRAFFIC
permit tcp any any eq smtp log
!
interface GigabitEthernet0/1
  ...
  ip access-group SMTP in
!

However, as soon as I apply it to ge0/1 all traffic hangs. Any thoughts?
Correct Answer by Nagaraja Thanthry about 6 years 10 months ago

Hello,


By default the access-list will have an implicit deny policy. So, when you applied the access-list to the interface, all other traffic got denied implicitly. Please add another line to the access-list that allows all other traffic:


ip access-list extended SMTP
remark SMTP TRAFFIC
permit tcp any any eq smtp log
permit ip any any


Hope this helps.


Regards,


NT

Overall Rating: 5 (2 ratings)
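
The implicit deny described in the answer above, as an added example that is not part of the original thread: a minimal Python first-match evaluator run against both versions of the ACL. The function names and the sample packets are assumptions constructed for illustration, and the parser handles only the entry form used in this thread.

```python
# Added illustration: first-match evaluation of the two ACL versions in this
# thread. Handles only "permit|deny <proto> any any [eq <port>] [log]" entries;
# it is not a general IOS ACL parser.
PORTS = {"smtp": 25}  # IOS keyword -> TCP port (only the one this thread uses)

ORIGINAL_ACL = """\
remark SMTP TRAFFIC
permit tcp any any eq smtp log
"""
FIXED_ACL = ORIGINAL_ACL + "permit ip any any\n"

def parse(acl_text):
    """Turn ACL lines into (action, proto, port_or_None, log) entries."""
    entries = []
    for line in acl_text.splitlines():
        tok = line.split()
        if not tok or tok[0] == "remark":
            continue  # remarks are comments and never match traffic
        action, proto = tok[0], tok[1]
        if tok[2:4] != ["any", "any"]:
            raise ValueError(f"unsupported entry: {line!r}")
        port = None
        if "eq" in tok:
            name = tok[tok.index("eq") + 1]
            port = PORTS.get(name) or int(name)
        entries.append((action, proto, port, tok[-1] == "log"))
    return entries

def evaluate(entries, proto, dport):
    """Return (action, logged) for one packet; the first matching entry wins."""
    for action, e_proto, e_port, log in entries:
        proto_ok = e_proto == "ip" or e_proto == proto
        port_ok = e_port is None or e_port == dport
        if proto_ok and port_ok:
            return action, log
    return "deny", False  # implicit deny at the end of every ACL

# Constructed sample traffic: (protocol, destination port)
PACKETS = [("tcp", 25), ("tcp", 80), ("udp", 53)]

def run(acl_text):
    """Evaluate every sample packet against the given ACL text."""
    entries = parse(acl_text)
    return [evaluate(entries, p, d) for p, d in PACKETS]

if __name__ == "__main__":
    print("original:", run(ORIGINAL_ACL))  # only SMTP passes
    print("fixed:   ", run(FIXED_ACL))     # all pass, only SMTP is logged
```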
Correct Answer posted by Nagaraja Thanthry (Cisco Employee), Wed, 09/15/2010 - 13:42
