Re: IP extended access list question [7:4321]

Sun, 13 May 2001 11:08:59 -0700 

Think you got your ip addresses the wrong way round.
Guessing which is host A and which is host B.

The lines below will allow 171.21.50.2 to reply to 171.21.10.2 and deny
anything else.
In fact the 2nd line is redundant as there is an implicit deny after it
anyway.

Remember you've not stopped anything going from 171.21.10.2 to 171.21.50.2
Also remember that unless you put a permit ip any any on the end, you've
stopped everything else going in to Ethernet0.
I take it you're just practicing with these anyway.


access-list 100 permit icmp host 171.21.50.2 host 171.21.10.2 echo-reply log
access-list 100 deny ip host 171.21.50.2 host 171.21.10.2  (redundant)



Gaz


""Hans Stout""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hello colleagues,
>
> I am trying to block all IP traffic from host A to host B except for ICMP
> echo replies. This is the access list I hve configured:
>
> access-list 100 permit icmp host 171.21.10.2 host 171.21.50.2 echo log
> access-list 100 permit icmp host 171.21.10.2 host 171.21.50.2 echo-reply
log
> access-list 100 deny ip host 171.21.10.2 host 171.21.50.2
>
> I then apply this access list as inbound to Ethernet0:
>
> Ethernet0
> ip address 171.21.50.1
> ip access-group 100 in
>
> However, when I try to ping 171.21.50.2 from 171.21.10.2, I get a no
reply,
> and the access list logs matches under the deny entry. I wonder if I am
> missing something or might have the syntax wrong. Do you have any ideas ?
> Thanks in advance for your help.
>
> Regards,
>
> Hans
> _________________________________________________________________________
> Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4329&t=4321
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Reply via email to