access-lists URGENT

Anybody help please,

I want to deny a single ip (1.2.3.4) address by access-list, i have tried:

access-list 110 deny ip 1.2.3.4 0.0.0.0 any log

int fastethernet0/0 ip access-group 100 in

but I have lost the router.

I connecting to the fe0/0 interface, What I'm missing here?

Thanks, Alex

Reply to
rewtenator
Loading thread data ...

you're missing the allow everything else at the end of the acl

Reply to
Steve Ray

thanks Steve

Alex

Reply to
rewtenator

Is there any way to do it in one step or i'll have to go through it one by one?

Alex

Reply to
rewtenator

Hi

I've never seen a ACL capable of taking one statement and others at the same time, maybe others can comment.

As far as I'm aware ACL's are straight statements, allow this, deny that. Always remembering that at the end, hidden from view in the darkness of the IOS is the implicit "Deny, deny, Deny"

Steve

Reply to
Steve Ray

The implicit 'deny all' at the end of every IOS access list.

Try adding 'access-list 110 permit ip any any'.

Regards,

Marco.

Reply to
M.C. van den Bovenkamp

Now I got it. The interpreting engine runs trhough the rule list and if anz of the rules are matching it applies.

thanks everyone.

Alex

Reply to
rewtenator

Just keep in mind if 'any' is greater than one its the *first* one that determines the action.

Reply to
Rod Dorman

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.