range)
>
> Then is it possible to create an access list based on the host
> MAC address?
>
> Chris
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, May 02, 2002 8:36 AM
> To: [EMAIL PROTECTED]
> Subject: RE: Pr
ip extended access-lists are 100-199,2000-2699
I think Tim is correct, if your attempting to block pings between two
devices on the same VLAN your not going to do it on the router.
Dave
timothy thielen wrote:
>
> OK, I'm not an all-powerful CCIE, but I'll take a stab at this.
>
> Applying
well, that's a bit twisted. :-) I guess those 200 other IP access lists
were not enough? I fear the router which can use them all and still somehow
forward packets.
I'm curious to find if I was correct on the other bit, though... The access
list should only apply to the Management functions o
> Also, What's up with the "2000" access list? Would not an
> extended IP list
> be 100-199?
2000-2699 are also extended IP lists. Cisco calls them "expanded
range" :-). Sort of reminds me of expanded and extended memory in DOS days
;-)
Marko.
Message Posted at:
http://www.groups
OK, I'm not an all-powerful CCIE, but I'll take a stab at this.
Applying an access list to a switch is only going to limit access to and
from your management interface. Switched traffic through the switch is
still switched traffic, and by and large, a switch doesn't ever look at IP
information,
If this is an IOS switch:
If you are trying to filter an IP address. Use ACL number between 1-99.
e.g
access-list 1 deny host 172.16.1.1
access-list 1 permit any
PING
Christian Fredrickson wrote:
> Running a Cisco switch 3548XL
> Trying to block a specific IP address. The access-list looks like
Extended access list can have number between 100-199.
I don't know if 2000 will work ..
But hey, I am not sure if this is true... I may be very silly here ...
- Original Message -
From: Christian Fredrickson
To:
Sent: Wednesday, May 01, 2002 1:01 PM
Subject: Problem with access-list
Also, once this access-list is in place, I cannot ping that address from the
switch, but I can ping it from any other machine. I have also blocked icmp
to that host using the same access-list and all addresses excepting the
switch can ping the host that should be blocked.
-Original Message--
8 matches
Mail list logo
