Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

IP Access Lists

When I am going to stop some host, subnet or network from accessing a network , subnet or host, the communication blocks from both the side, i.e, source and destinatioin.

Also when I apply extended access list to block telnet, the ping does not work?

Kindly help me out this problem.

Thanks

4 REPLIES
New Member

Re: IP Access Lists

Post you config (take out passwords & real IP addresses).

New Member

Re: IP Access Lists

the configuration is as under:

Router 1 Ethernet 0= 172.16.10.1

Host 1A = 172.16.10.3

Host 2A = 172.16.10.4

Router 1 Serial 0 = 172.16.11.1

Router 2 Serial 0 = 172.16.11.2

Router 2 Ethenet 0 = 172.16.12.1

Host 1B = 172.16.12.3

Host 2B = 172.16.12.4

When I restrict Host 1B by following access list, communication from both source and destination stops:

access-list 110 deny tcp host 172.16.12.3 172.16.10.0 0.0.0.255 eq telnet log

and applies it on the Serial 0 on Router 1 as

ip access-group 110 in

Though the source is unable to telnet the 172.16.10.0 subnet but the vice versa is also true.

Kindly help me out.

Thanks

New Member

Re: IP Access Lists

Remember there is an implicit deny at the end of an access-list. If this is the router will only execute this line and also deny all other traffic whit the implicit deny as mention before. So you will have to add this command

access-list 110 permit ip any any

Hope this helps.

New Member

Re: IP Access Lists

I already applied this list but did not mentioned in my config

access-list 110 permit ip any any

the problem still persists. You cannot ping from the source to the destination and vice versa

Thanks

669
Views
0
Helpful
4
Replies