Extended access list can have number between 100-199. I don't know if 2000 will work ..
But hey, I am not sure if this is true... I may be very silly here ... ----- Original Message ----- From: Christian Fredrickson To: Sent: Wednesday, May 01, 2002 1:01 PM Subject: Problem with access-list [7:43021] > Running a Cisco switch 3548XL > Trying to block a specific IP address. The access-list looks like: > (I substituted the IP addresses) > access-list 2000 deny ip host ip_address any > access-list 2000 permit ip range.0 0.0.0.255 any > access-list 2000 deny ip any any > > All ports on this switch belong to the same VLAN and all other switches use > this switch to get to the upper layer switch and use that to get to the > router. The vlan looks like: > (I substituted the IP addresses) > interface VLAN1 > description line > ip address switch_ip 255.255.255.0 > ip access-group 2000 in > > But I can still ping the host from external addresses. Why is this ACL not > working? > > Thank you all in advance. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43042&t=43021 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
