OK, I'm not an all-powerful CCIE, but I'll take a stab at this.
Applying an access list to a switch is only going to limit access to and
from your management interface. Switched traffic through the switch is
still switched traffic, and by and large, a switch doesn't ever look at IP
information,
Also, what's up with the 2000 access list? Would not an extended IP list be 100-199?
2000-2699 are also extended IP lists. Cisco calls them expanded
range :-). Sort of reminds me of expanded and extended memory in DOS days
;-)
Marko.
Well, that's a bit twisted. :-) I guess those 200 other IP access lists
were not enough? I fear the router which can use them all and still somehow
forward packets.
I'm curious to find if I was correct on the other bit, though... The access
list should only apply to the Management functions
IP extended access lists are 100-199, 2000-2699.
I think Tim is correct. If you're attempting to block pings between two
devices on the same VLAN, you're not going to do it on the router.
Dave
timothy thielen wrote:
OK, I'm not an all-powerful CCIE, but I'll take a stab at this.
Applying an
an access list based on the host
MAC address?
Chris
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 02, 2002 8:36 AM
To: [EMAIL PROTECTED]
Subject: RE: Problem with access-list [7:43021]
OK, I'm not an all-powerful CCIE, but I'll take
Running a Cisco switch 3548XL
Trying to block a specific IP address. The access-list looks like:
(I substituted the IP addresses)
access-list 2000 deny ip host ip_address any
access-list 2000 permit ip range.0 0.0.0.255 any
access-list 2000 deny ip any any
All ports on this switch belong to
-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Christian Fredrickson
Sent: Wednesday, May 01, 2002 2:02 PM
To: [EMAIL PROTECTED]
Subject: Problem with access-list [7:43021]
Running a Cisco switch 3548XL
Trying to block a specific IP address. The access-list looks like:
(I
An extended access list can have a number between 100-199.
I don't know if 2000 will work ..
But hey, I am not sure if this is true... I may be very silly here ...
- Original Message -
From: Christian Fredrickson
To:
Sent: Wednesday, May 01, 2002 1:01 PM
Subject: Problem with access-list
If this is an IOS switch:
If you are trying to filter an IP address, use an ACL number between 1-99.
e.g.
access-list 1 deny host 172.16.1.1
access-list 1 permit any
PING
Christian Fredrickson wrote:
Running a Cisco switch 3548XL
Trying to block a specific IP address. The access-list looks like: