I agree with Chuck.

If the first line in your ACL is "Deny ip host 0.0.0.0 any", it seems to me it
will deny all IP regardless of the permit IP you put after it. (Off the top of
my head, the router goes from the top down: it checks the 1st ACL, if there is
no match it goes to the 2nd ACL, if there is no match it goes to the 3rd ACL,
and so on.) In this case you put the deny any host in your 1st ACL, so it
matches and therefore the packet is dropped without going to the next ACL.


> >ip access-list extended FrameInbound
> >deny   ip host 0.0.0.0 any
> >permit ip 192.168.50.0 0.0.0.255 192.168.5.0 0.0.0.255
> >



----- Original Message -----
From: "Chuck Larrieu" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, December 22, 2000 1:30 PM
Subject: RE: Access List/EIGRP Problem


> This topic brings up some of the subtleties with regards to access lists.
> Now that I am looking into more complex interactions among protocols and
> services, I am finding that just about any time I have to engage
> access-lists I have to begin thinking in far broader terms than I am used
> to. And certainly in far broader terms than several of the well known
> introductory and CCNA level books suggest.
>
> There is nothing like applying a standard access list to an interface, then
> a few minutes later seeing your routes disappear!
>
> Some of the more advanced texts suggest constructing access-lists such that
> most specific items appear first, and then filter down to least specific.
> Others may suggest that one put the most likely to be used things at the
> top of the lists and work down.
>
> I'm getting to the point where I have to remember to put routing protocol
> items at the top of my lists.
>
> I guess what I'm getting to in my rambling way is that access-list
> construction and placement is probably more of an art than a science. One
> must always consider what one is doing, and why. One must always consider
> the law of unintended consequences.
>
> Happy holidays!
>
> Chuck
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
> Stephen Skinner
> Sent: Friday, December 22, 2000 12:42 AM
> To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: RE: Access List/EIGRP Problem
>
>
> your access-list is the wrong way round ......you have a deny host any any
> i.e. your 0.0.0.0 is treated as a any any  ....then the permit....
> if you put them the other way round it should work
>
> >From: "Stull, Cory" <[EMAIL PROTECTED]>
> >Reply-To: "Stull, Cory" <[EMAIL PROTECTED]>
> >To: "'Edward Gomez'" <[EMAIL PROTECTED]>, "'[EMAIL PROTECTED]'"
> >  <[EMAIL PROTECTED]>
> >Subject: RE: Access List/EIGRP Problem
> >Date: Tue, 19 Dec 2000 09:05:07 -0600
> >
> >Edward,
> >
> >Without seeing your whole config we can't be positive but you're probably
> >also blocking your EIGRP hellos.   You might want to go with
> >distribute-list anyway.   Go to cisco.com and lookup distribute-list and
> >go to the link on using it with EIGRP.
> >
> >Good luck
> >Cory
> >
> >-----Original Message-----
> >From: Edward Gomez [mailto:[EMAIL PROTECTED]]
> >Sent: Tuesday, December 19, 2000 8:30 AM
> >To: '[EMAIL PROTECTED]'
> >Subject: Access List/EIGRP Problem
> >
> >
> >Hi everybody,
> >
> >I am having an issue with the following access list. I am trying to put an
> >ACL on my frame router that can limit which network inside my company a
> >partner can access. I basically want any traffic coming from 192.168.50.0
> >to be able to go to 192.168.5.0. When I apply the access list nothing gets
> >through. If I ping a remote address I get a TTL expired in transit. I am
> >running EIGRP between the routers. Do I need to have an access list that
> >allows access to the LAN side for EIGRP updates? Or is this done via the
> >WAN port? What am I doing wrong here??
> >
> >
> >ip access-list extended FrameInbound
> >deny   ip host 0.0.0.0 any
> >permit ip 192.168.50.0 0.0.0.255 192.168.5.0 0.0.0.255
> >
> >I have also tried: permit ip 192.168.50.0 0.0.0.255 host 192.168.5.0 and
> >that did not work either.
> >
> >Thanks in advance!!!
> >
> >Eddie
> >----------
> >Edward J. Gomez, MCSE, CNE, CCNA
> >Information Systems Manager
> >ProxyMed, Inc
> >2555 Davie Road,
> >Suite 110
> >Fort Lauderdale, Florida 33317
> >(954) 473-1001 x315
> >http://www.proxymed.com
> >
> >_________________________________
> >FAQ, list archives, and subscription info:
> >http://www.groupstudy.com/list/cisco.html
> >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
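Added example, not part of the thread or written by any of its posters: a small Python model of IOS extended-ACL evaluation (wildcard masks, first match wins, implicit deny at the end) run over the FrameInbound list quoted above. It reports which entry each packet matches, including an EIGRP hello (IP protocol 88, sent to 224.0.0.10). The neighbor address 10.1.1.2, the sample packets, and the `permit eigrp any any` variant are constructed assumptions.

```python
import ipaddress

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def parse_addr(tokens):
    """Consume one IOS address spec; return (base, wildcard) as ints."""
    t = tokens.pop(0)
    if t == "any":
        return 0, 0xFFFFFFFF          # any == 0.0.0.0 255.255.255.255
    if t == "host":
        return _ip(tokens.pop(0)), 0  # host A == A 0.0.0.0 (exact match)
    return _ip(t), _ip(tokens.pop(0))

def parse_acl(text):
    entries = []
    for line in text.strip().splitlines():
        tok = line.split()
        action, proto, rest = tok[0], tok[1], tok[2:]
        src = parse_addr(rest)
        dst = parse_addr(rest)
        entries.append((action, proto, src, dst, line.strip()))
    return entries

def _match(addr, spec):
    base, wild = spec
    # Wildcard bits set to 1 are "don't care"; the rest must equal the base.
    return (_ip(addr) | wild) == (base | wild)

def evaluate(entries, proto, src, dst):
    """First match wins; no match falls through to the implicit deny."""
    for action, p, s, d, line in entries:
        if p in ("ip", proto) and _match(src, s) and _match(dst, d):
            return action, line
    return "deny", "(implicit deny)"

# The list from the thread.
FRAME_INBOUND = parse_acl("""
deny   ip host 0.0.0.0 any
permit ip 192.168.50.0 0.0.0.255 192.168.5.0 0.0.0.255
""")
# Constructed variant with the routing protocol permitted first.
WITH_EIGRP = parse_acl("permit eigrp any any") + FRAME_INBOUND

# Constructed packets; 10.1.1.2 is an assumed WAN neighbor address.
PARTNER = ("icmp", "192.168.50.10", "192.168.5.20")
HELLO = ("eigrp", "10.1.1.2", "224.0.0.10")   # EIGRP = IP protocol 88
```

Call `evaluate(FRAME_INBOUND, *HELLO)` and `evaluate(WITH_EIGRP, *HELLO)` to compare how the hello is treated by each list.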