The rule of the game for access-lists is to first specify
the more specific, then go on to the general.
--- Minh Vu <[EMAIL PROTECTED]> wrote:
> I agreed with Chuck.
> 
> If your first line in the ACL is "Deny ip host 0.0.0.0 any", it seems to me it will
> deny all IP regardless of whether you put a permit IP after it. (Off the top of my head, the router
> will go from the top down, which is: check the 1st ACL, if no match then go to the 2nd
> ACL, and if no match then go to the 3rd ACL... and so on...) In this case you
> put the deny any host on your 1st ACL, then it matches, therefore it will drop
> the packet without going to the next ACL.
> 
> 
> > >ip access-list extended FrameInbound
> > >deny   ip host 0.0.0.0 any
> > >permit ip 192.168.50.0 0.0.0.255 192.168.5.0 0.0.0.255
> > >
> 
> 
> 
> ----- Original Message -----
> From: "Chuck Larrieu" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Friday, December 22, 2000 1:30 PM
> Subject: RE: Access List/EIGRP Problem
> 
> 
> > This topic brings up some of the subtleties with regards to access lists.
> > Now that I am looking into more complex interactions among protocols and
> > services, I am finding that just about any time I have to engage
> > access-lists I have to begin thinking in far broader terms than I am used
> > to. And certainly in far broader terms than several of the well known
> > introductory and CCNA level books suggest.
> >
> > There is nothing like applying a standard access list to an interface, then
> > a few minutes later seeing your routes disappear!
> >
> > Some of the more advanced texts suggest constructing access-lists such that
> > most specific items appear first, and then filter down to least specific.
> > Others may suggest that one put the most likely to be used things at the
> > top of the lists and work down.
> >
> > I'm getting to the point where I have to remember to put routing protocol
> > items at the top of my lists.
> >
> > I guess what I'm getting to in my rambling way is that access-list
> > construction and placement is probably more of an art than a science. One
> > must always consider what one is doing, and why. One must always consider
> > the law of unintended consequences.
> >
> > Happy holidays!
> >
> > Chuck
> >
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Stephen Skinner
> > Sent: Friday, December 22, 2000 12:42 AM
> > To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]
> > Subject: RE: Access List/EIGRP Problem
> >
> >
> > Your access-list is the wrong way round ... you have a deny host any any,
> > i.e. your 0.0.0.0 is treated as an any any ... then the permit...
> > If you put them the other way round it should work.
> >
> > >From: "Stull, Cory" <[EMAIL PROTECTED]>
> > >Reply-To: "Stull, Cory" <[EMAIL PROTECTED]>
> > >To: "'Edward Gomez'" <[EMAIL PROTECTED]>, "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
> > >Subject: RE: Access List/EIGRP Problem
> > >Date: Tue, 19 Dec 2000 09:05:07 -0600
> > >
> > >Edward,
> > >
> > >Without seeing your whole config we can't be positive, but you're probably
> > >also blocking your EIGRP hellos. You might want to go with distribute-list
> > >anyway. Go to cisco.com and look up distribute-list and go to the link on
> > >using it with EIGRP.
> > >
> > >Good luck
> > >Cory
> > >
> > >-----Original Message-----
> > >From: Edward Gomez [mailto:[EMAIL PROTECTED]]
> > >Sent: Tuesday, December 19, 2000 8:30 AM
> > >To: '[EMAIL PROTECTED]'
> > >Subject: Access List/EIGRP Problem
> > >
> > >
> > >Hi everybody,
> > >
> > >I am having an issue with the following access list. I am trying to put an
> > >ACL on my frame router that can limit which network inside my company a
> > >partner can access. I basically want any traffic coming from 192.168.50.0 to be
> > >able to go to 192.168.5.0. When I apply the access list nothing gets through.
> > >If I ping a remote address I get a TTL expired in transit. I am running
> > >EIGRP between the routers. Do I need to have an access list that allows
> > >access to the LAN side for EIGRP updates? Or is this done via the WAN port?
> > >What am I doing wrong here??
> > >
> > >
> > >ip access-list extended FrameInbound
> > >deny   ip host 0.0.0.0 any
> > >permit ip 192.168.50.0 0.0.0.255 192.168.5.0 0.0.0.255
> > >
> > >I have also tried: permit ip 192.168.50.0 0.0.0.255 host 192.168.5.0 and
> > >that did not work either.
> > >
> > >Thanks in advance!!!
> > >
> > >Eddie
> > >----------
> > >Edward J. Gomez, MCSE, CNE, CCNA
> > >Information Systems Manager
> > >ProxyMed, Inc
> > >2555 Davie Road,
> > >Suite 110
> > >Fort Lauderdale, Florida 33317
> > >(954) 473-1001 x315
> > >http://www.proxymed.com
> > >
> > >_________________________________
> > >FAQ, list archives, and subscription info:
> > >http://www.groupstudy.com/list/cisco.html
> > >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
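
Added example, not part of the original thread: a minimal Python model of top-down, first-match evaluation for the FrameInbound list quoted above, including wildcard masks and the implicit deny at the end of every list. The neighbor address 10.1.1.2, the sample packets and the WITH_EIGRP variant are constructed for illustration; EIGRP hellos are modeled as protocol "eigrp" sent to multicast 224.0.0.10.

```python
import ipaddress

def ip(a):
    return int(ipaddress.IPv4Address(a))

def addr_spec(tok):
    """Consume one IOS address spec: 'any', 'host A' or 'A WILDCARD'."""
    if tok[0] == "any":
        return (0, 0xFFFFFFFF), tok[1:]
    if tok[0] == "host":                      # host A == A 0.0.0.0
        return (ip(tok[1]), 0), tok[2:]
    return (ip(tok[0]), ip(tok[1])), tok[2:]

def parse(line):
    action, proto, *rest = line.split()
    src, rest = addr_spec(rest)
    dst, _ = addr_spec(rest)
    return action, proto, src, dst

def hit(spec, addr):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF             # wildcard bit 1 = don't care
    return (ip(addr) & care) == (base & care)

def evaluate(acl, proto, src, dst):
    """Top-down, first match wins; nothing matched -> implicit deny."""
    for line in acl:
        action, p, s, d = parse(line)
        if p in ("ip", proto) and hit(s, src) and hit(d, dst):
            return action, line
    return "deny", "(implicit deny)"

# The list as posted in the thread.
FRAME_INBOUND = [
    "deny   ip host 0.0.0.0 any",
    "permit ip 192.168.50.0 0.0.0.255 192.168.5.0 0.0.0.255",
]
# Constructed variant: routing protocol entry placed first.
WITH_EIGRP = ["permit eigrp any any"] + FRAME_INBOUND

# Constructed sample packets: (protocol, source, destination).
PACKETS = [
    ("icmp",  "192.168.50.10", "192.168.5.20"),   # partner -> allowed LAN
    ("icmp",  "192.168.50.10", "192.168.7.20"),   # partner -> other LAN
    ("eigrp", "10.1.1.2",      "224.0.0.10"),     # hello from WAN neighbor
]

if __name__ == "__main__":
    for name, acl in (("FrameInbound", FRAME_INBOUND), ("WITH_EIGRP", WITH_EIGRP)):
        for pkt in PACKETS:
            print(name, pkt, "->", evaluate(acl, *pkt))
```

Running it prints, for each packet, the action and the line that decided it, which is the same information `show access-lists` hit counters give on the router.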