Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ACL Question Packet Tracer

I am taking my CCNA exam thursday and I am going through some packet tracer labs to study.

I have came across this lab that request the following.

Configure standard named ACLs on the R1 and R3 vty lines, permitting hosts connected directly to their Fast Ethernet subnets to gain Telnet access. Deny all other connection attempts.Name these standard ACLs VTY-Local

I did the following.

ip access-list standard VTY-Local


I then added this to the vty interface for the IN direction.

The problem I am having is that it is telling me that this ACL is wrong. Now here is were I am confused.

If I add the 'deny any' statement to the ACL, it marks it as correct.

I thought that ACL's have an implicit deny statement on them, so why do I need to add this?

Also, one more thing.

When I try to go back and edit the ACL by typing the following,

ip access-list standard VTY-Local

It tells me the ACL already exist. Do I have to delet the list every time I want to edit it?

  • Other Security Subjects

ACL Question Packet Tracer

Hello Russell!

Packet Tracer will give you points/procentage on what it thinks is right... the "deny any" at the end is configured to be the correct answer, but leaving it without writing "deny any" will perform the exact same task.

For the next question, you should try upgrading packet tracer, with my version, you can reenter it and exit.

This widget could not be displayed.