ACL's on cisco 2600

Hello, I'm having trouble on my cisco 2600 router and my cisco 800 series router. I put a deny host statement and apply it to Fastethernet 0/1 (192.168.1.1) on the cisco 2600 but it doesn't deny the host. I ping 192.168.1.2 (Ethernet0 on 800 series router) on my 2600 series router using 192.168.1.1 but successful ping. What have I done wrong? I supplied the 2600 & 800 series configs below. I must add that I'm trying to deny 192.168.1.1 through ethernet not serial.

-- Cisco 2600 --

Building configuration...

Current configuration : 787 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname laba
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
ip cef
!
!
!
ip audit po max-events 100
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/0
 no ip address
 shutdown
!
interface FastEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 ip access-group 1 out
 duplex auto
 speed auto
!
interface Serial0/1
 no ip address
 shutdown
!
router rip
 network 192.168.1.0
!
ip http server
no ip http secure-server
ip classless
!
!
access-list 1 deny 192.168.1.1
access-list 1 permit any
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
 login
!
!
!
end

-- Cisco 800 Series --

Building configuration...

Current configuration : 1058 bytes
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
!
!
!
!
ip ips po max-events 100
no ftp-server write-enable
!
!
!
!
!
!
!
interface Ethernet0
 ip address 192.168.1.2 255.255.255.0
!
interface Ethe
 no ip address
 shutdown
 duplex auto
!
interface FastEthernet1
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet2
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet3
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet4
 no ip address
 duplex auto
 speed auto
!
router rip
 network 192.168.1.0
!
ip classless
!
ip http server
no ip http secure-server
!
!
!
!
control-plane
!
!
line con 0
 no modem enable
 transport preferred all
 transport output all
line aux 0
 transport preferred all
 transport output all
line vty 0 4
 login
 transport preferred all
 transport input all
 transport output all
!
scheduler max-task-time 5000
end

Reply to
CREAM

You are trying to deny the IP of the interface itself. Traffic *from* the device is normally exempt from the interfaces unless you configure specially. I keep forgetting what the configuration step is... one of the "ip service" commands perhaps. I'm sure someone will step in with the correct information [sorry, I don't use IOS much.]

Reply to
Walter Roberson

Reply to
CREAM

ACLs only apply to traffic going through the router. Not traffic originated by the router.

Reply to
Vaz
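
The behaviour described in the replies above, as an added example that is not from any poster in the thread: a small Python model of how a standard ACL is evaluated at an interface, using access-list 1 from the 2600 config. The function names, the inbound placement on the 800's Ethernet0 and the host 192.168.1.77 are assumptions made for illustration, and the model simplifies classic IOS behaviour.

```python
import ipaddress

def parse_standard_acl(config_text, number):
    """Parse 'access-list N {permit|deny} {any | host A | A [wildcard]}' lines."""
    entries = []
    for line in config_text.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list" or tok[1] != str(number):
            continue
        action, spec = tok[2], tok[3:]
        if spec[0] == "any":
            addr, wild = "0.0.0.0", "255.255.255.255"
        elif spec[0] == "host":
            addr, wild = spec[1], "0.0.0.0"
        else:  # bare address: wildcard defaults to 0.0.0.0 (one host)
            addr, wild = spec[0], spec[1] if len(spec) > 1 else "0.0.0.0"
        entries.append((action, int(ipaddress.IPv4Address(addr)),
                        int(ipaddress.IPv4Address(wild))))
    return entries

def acl_permits(entries, src):
    """First match wins; a standard ACL looks only at the source address."""
    s = int(ipaddress.IPv4Address(src))
    for action, addr, wild in entries:
        care = ~wild & 0xFFFFFFFF  # wildcard bits set to 1 are ignored
        if (s & care) == (addr & care):
            return action == "permit"
    return False  # implicit deny at the end of every ACL

def interface_verdict(entries, direction, src, locally_generated):
    """Filtering decision at one interface for one packet."""
    # Outbound interface ACLs are not consulted for packets the router
    # itself originates (pings, routing updates), as the replies explain.
    if direction == "out" and locally_generated:
        return "sent (ACL not consulted)"
    return "permitted" if acl_permits(entries, src) else "dropped"

# access-list 1 exactly as it appears in the 2600 config in the thread.
ACL_TEXT = """access-list 1 deny 192.168.1.1
access-list 1 permit any"""
ACL1 = parse_standard_acl(ACL_TEXT, 1)

if __name__ == "__main__":
    # The original poster's test: ping sourced by the 2600, leaving FastEthernet0/1.
    print(interface_verdict(ACL1, "out", "192.168.1.1", True))
    # Assumed alternative: the same ACL applied inbound on the 800's Ethernet0.
    print(interface_verdict(ACL1, "in", "192.168.1.1", False))
    print(interface_verdict(ACL1, "in", "192.168.1.77", False))  # constructed host
```

With the inbound placement, every IP packet sourced from 192.168.1.1 is dropped on arrival at the 800, which includes the RIP updates the 2600 sends on that segment.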

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.