I am very frustrated today with the extended control list. Here is the topology in the diagram below. I want PC2, which has an IP of 192.168.40.2/24, not to be able to ping the Router 1 interfaces. To accomplish this, I configured Router 1 with the ACL of
access-list 102 deny icmp any host 192.168.40.2
access-list 102 permit ip any any
and put that ACL on the s1/1 interface
interface Serial1/1
 ip address 192.168.20.1 255.255.255.0
 ip access-group 102 in
 serial restart-delay 0
 clock rate 64000
After implementing this configuration, PC2 (192.168.40.2) can still ping Router 1, but PC2 (192.168.40.2) can't ping the Router 2 s1/0 interface, which has an IP address of 192.168.10.2.
I don't know what's wrong with my ACL configuration. I know you guys can help me.
Please reply to me soon.
Here's a hint: Check which interface the ACL should be applied to, or the ACL direction.
Sorry, I didn't get you.
If I understand correctly, you want PC 2 not to ping Router 1's interface. If this is correct, here is the configuration.
access-list 102 deny icmp host 192.168.40.2 host 192.168.20.1
access-list 102 permit ip any any
and apply that ACL on the s1/1 interface
interface Serial1/1
 ip address 192.168.20.1 255.255.255.0
 ip access-group 102 in
Note that only the ICMP traffic destined to Router 1's 192.168.20.1 IP address sourced from PC 2 will be dropped.
If you want to drop all the ICMP traffic originated from PC2 then use the following:
access-list 102 deny icmp host 192.168.40.2 any
access-list 102 permit ip any any
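Added example, not part of the thread or any poster's configuration: a small Python model of first-match extended ACL evaluation. It shows that the original entry (deny icmp any host 192.168.40.2) matches ICMP addressed to PC2, so PC2's echo request to 192.168.20.1 falls through to the permit, while the entries with host 192.168.40.2 as the source deny it. The Packet tuple, function names and sample packets are constructed for illustration; only protocol and source/destination address matching is modelled.

```python
import ipaddress
from collections import namedtuple

# Constructed packet model: protocol name plus source and destination IPv4 address.
Packet = namedtuple("Packet", "proto src dst")

def _addr_spec(tok):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D WILDCARD'; return ((addr, wildcard), rest)."""
    if tok[0] == "any":
        return (0, 0xFFFFFFFF), tok[1:]
    if tok[0] == "host":
        return (int(ipaddress.IPv4Address(tok[1])), 0), tok[2:]
    return (int(ipaddress.IPv4Address(tok[0])), int(ipaddress.IPv4Address(tok[1]))), tok[2:]

def parse_ace(line):
    """Parse 'access-list N permit|deny PROTO SRC DST' (no ports or ICMP types)."""
    tok = line.split()
    action, proto = tok[2], tok[3]
    src, rest = _addr_spec(tok[4:])
    dst, _ = _addr_spec(rest)
    return action, proto, src, dst

def _match(spec, ip):
    addr, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF          # wildcard bits set to 1 are "don't care"
    return (int(ipaddress.IPv4Address(ip)) & care) == (addr & care)

def evaluate(acl_lines, pkt):
    """First matching entry wins; an ACL ends with an implicit deny."""
    for line in acl_lines:
        action, proto, src, dst = parse_ace(line)
        if proto in ("ip", pkt.proto) and _match(src, pkt.src) and _match(dst, pkt.dst):
            return action
    return "deny"

ORIGINAL = ["access-list 102 deny icmp any host 192.168.40.2",
            "access-list 102 permit ip any any"]
CORRECTED = ["access-list 102 deny icmp host 192.168.40.2 host 192.168.20.1",
             "access-list 102 permit ip any any"]
DROP_ALL = ["access-list 102 deny icmp host 192.168.40.2 any",
            "access-list 102 permit ip any any"]

# Constructed sample: PC2's echo request as it arrives inbound on R1 Serial1/1.
ECHO_REQUEST = Packet("icmp", "192.168.40.2", "192.168.20.1")

if __name__ == "__main__":
    for name, acl in (("original", ORIGINAL), ("corrected", CORRECTED), ("drop-all", DROP_ALL)):
        print(f"{name:9s} -> {evaluate(acl, ECHO_REQUEST)}")
```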
After configuring exactly what you said, PC2 can still ping the R1 s1/1 interface, but R1 does not reply to all the ICMP echo packets from PC2; it replies only to certain packets. Below is the output of VPCS 2:
VPCS 2 >ping 192.168.20.1
192.168.20.1 icmp_seq=1 time=32.000 ms
192.168.20.1 icmp_seq=2 timeout
192.168.20.1 icmp_seq=3 time=40.000 ms
192.168.20.1 icmp_seq=4 timeout
192.168.20.1 icmp_seq=5 time=39.000 ms