Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ACL not working in Cisco 3550

Dear Experts,

ACL not working in cisco 3550.

current IOS : /c3550-i9q3l2-mz.121-22.EA9.bin"

I need to deny host 10.28.0.30 from my network.

my ACL :

ip access-list extended abc

deny ip any host 10.28.0.30

permit ip any any

int vlan 100

ip access-group abc out

ip access-group abc in

OR

ip access extended abc1

deny icmp any host 10.28.0.30 echo

permit ip any any

int vlan 100

ip access-group abc1 out

ip access-group abc1 in

Still i am able to ping this host from my network, i need deny everything to this host ( ping , telnet, etc) from my network and my network throug vlan 100.

So please help me  how can i solve this issue.

Thanks in ADV,

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: ACL not working in Cisco 3550

Hi,

Can you let us know in what direction you want to block the traffic?. Is it originated from 10.28.0.30 or destinated to 10.28.0.30?.

Currently your ACL configuration seems to block traffic destinated to 10.28.0.30. ACL normally will not affect the locally originated traffic. Try sending ICMP from some other device via this 3550 and see if it is blocked.

If you want to block everything to/from this device,

ip access-list extended abc

deny ip any host 10.28.0.30

deny ip host 10.28.0.30 any

permit ip any any

and apply the same under interface.

HTH,

Nagendra

2 REPLIES
Cisco Employee

Re: ACL not working in Cisco 3550

Hi,

Can you let us know in what direction you want to block the traffic?. Is it originated from 10.28.0.30 or destinated to 10.28.0.30?.

Currently your ACL configuration seems to block traffic destinated to 10.28.0.30. ACL normally will not affect the locally originated traffic. Try sending ICMP from some other device via this 3550 and see if it is blocked.

If you want to block everything to/from this device,

ip access-list extended abc

deny ip any host 10.28.0.30

deny ip host 10.28.0.30 any

permit ip any any

and apply the same under interface.

HTH,

Nagendra

New Member

Re: ACL not working in Cisco 3550

Dear Naikumar,

Thanks  a lot , this command which is given by you, it's working fine.

I am not able to ping from my network to this host.

Thanks mate, have a great support.

Cheers!!!

244
Views
0
Helpful
2
Replies
CreatePlease to create content