IP extended access-lists are 100-199, 2000-2699.

I think Tim is correct: if you're attempting to block pings between two devices on the same VLAN, you're not going to do it on the router.
Dave

timothy thielen wrote:
>
> OK, I'm not an all-powerful CCIE, but I'll take a stab at this.
>
> Applying an access list to a switch is only going to limit access to and
> from your management interface. Switched traffic through the switch is
> still switched traffic, and by and large, a switch doesn't ever look at IP
> information, thus wouldn't filter anything based on an IP address.
>
> That would explain why you can't ping the host from the switch (I'd imagine
> you are getting a "Request Timed Out") but the traffic from the outside
> world still gets through.
>
> Also, What's up with the "2000" access list? Would not an extended IP list
> be 100-199?
>
> --Tim
>
> Christian Fredrickson wrote:
> >
> > Running a Cisco switch 3548XL
> > Trying to block a specific IP address. The access-list looks like:
> > (I substituted the IP addresses)
> > access-list 2000 deny ip host ip_address any
> > access-list 2000 permit ip range.0 0.0.0.255 any
> > access-list 2000 deny ip any any
> >
> > All ports on this switch belong to the same VLAN and all other
> > switches use this switch to get to the upper layer switch and use
> > that to get to the router. The vlan looks like:
> > (I substituted the IP addresses)
> > interface VLAN1
> >  description line
> >  ip address switch_ip 255.255.255.0
> >  ip access-group 2000 in
> >
> > But I can still ping the host from external addresses. Why is
> > this ACL not working?
> >
> > Thank you all in advance.

--
David Madland
Sr. Network Engineer
CCIE# 2016
Qwest Communications Int. Inc.
[EMAIL PROTECTED]
612-664-3367

"Emotion should reflect reason not guide it"

Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43144&t=43021
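The behaviour Tim describes, as an added example that is not part of the original thread: a small Python model that parses the posted access-list 2000 and shows which packets ever reach it when it is applied inbound on VLAN1 of a Layer 2 switch. The addresses are constructed stand-ins for the redacted ip_address, range.0 and switch_ip, and the switch model is a simplification that treats only packets addressed to the switch's own IP as reaching the VLAN1 interface.

```python
import ipaddress

# Constructed stand-ins for the redacted ip_address, range.0 and switch_ip.
ACL_2000 = """\
access-list 2000 deny ip host 192.0.2.50 any
access-list 2000 permit ip 192.0.2.0 0.0.0.255 any
access-list 2000 deny ip any any
"""
SWITCH_IP = "192.0.2.2"

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def take_spec(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return ((base, wildcard), rest)."""
    if tokens[0] == "any":
        return (0, 0xFFFFFFFF), tokens[1:]
    if tokens[0] == "host":
        return (to_int(tokens[1]), 0), tokens[2:]
    return (to_int(tokens[0]), to_int(tokens[1])), tokens[2:]

def parse_acl(text):
    """Parse 'access-list N permit|deny ip SRC DST' lines into ordered rules."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[0] != "access-list":
            continue
        src, rest = take_spec(tok[4:])  # tok[2] is the action, tok[3] the protocol
        dst, _ = take_spec(rest)
        rules.append((tok[2], src, dst))
    return rules

def matches(addr, spec):
    base, wild = spec  # wildcard bits set to 1 are "don't care"
    care = ~wild & 0xFFFFFFFF
    return (to_int(addr) & care) == (base & care)

def acl_verdict(rules, src, dst):
    """First matching rule wins; an unmatched packet hits the implicit deny."""
    for action, s, d in rules:
        if matches(src, s) and matches(dst, d):
            return action
    return "deny"

def l2_switch(rules, src, dst, switch_ip=SWITCH_IP):
    """Simplified model: only packets addressed to the switch reach VLAN1's ACL."""
    if dst != switch_ip:
        return "switched at layer 2, ACL not consulted"
    return "management interface: " + acl_verdict(rules, src, dst)
```

Calling `acl_verdict` directly on a packet from the blocked host returns `deny`, which is what a routed interface carrying that traffic would enforce; `l2_switch` never gets that far for traffic that is merely passing through.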