1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Problem Access Control List(ACL) simply example

Discussion in 'Networks' started by vormz, Dec 21, 2010.

  1. vormz

    vormz New Member

    3
    0
    1
    Hello,

    i dont know if this is the right place to open a this topic .

    We assume that we have a simply network example with the topology:
    http://jump.fm/MQCBB

    and we want for example to figure an access control list, which will permit the pc1 to have ip access to pc2 .
    So, i am trying in the router 1 the ACL:
    Code:
    Router# confing t
    Router(config)#int serial 0
    Router(config-if)#ip access-group 101 in
    Router(config-if)#access-list 101 permit ip 175.15.1.2 0.0.0.255 175.15.2.1 0.0.0.255
    Router(config)#end
    Router#
    
    However, it is not working and i cant understand what i am doing wrong .

    Regards,
     
  2. ThomasMc

    ThomasMc Gigabyte Poster

    1,507
    49
    111
    Why don't you post up your router/s config
     
    Certifications: MCDST|FtOCC
    WIP: MCSA(70-270|70-290|70-291)
  3. danielno8

    danielno8 Gigabyte Poster

    1,305
    48
    92
    Why is the access list configured under interface config mode rather than global config mode?

    Normally you configure the access list in global config then apply the access list to an interface in interface config mode.
     
    Certifications: CCENT, CCNA
    WIP: CCNP
  4. vormz

    vormz New Member

    3
    0
    1
    danielno8 you mean like the code below :
    Code:
    Router# confing t
    Router(config)#access-list 101 permit ip 175.15.1.2 0.0.0.255 175.15.2.1 0.0.0.255
    Router(config)#int serial 0
    Router(config-if)#ip access-group 101 in
    Router(config-if)#end
    Router(config)#
    Router#
    
    it is still not working (i am trying from pc1: ping 175.15.1.2 but i receive 100% loss.)
     
    Last edited: Dec 21, 2010
  5. BosonMichael
    Highly Decorated Member Award

    BosonMichael Yottabyte Poster

    19,136
    462
    374
    If you want to permit ICMP (pings), then permit ICMP, not IP: link
     
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
    griffin84 likes this.
  6. BrizoH

    BrizoH Byte Poster

    243
    6
    25
    First things first, do you have connectivity between routers - can you ping r1 s0 from r2 s0 , can you ping across ethernet interfaces? (is a default route in place?)

    If so, assuming this is on a test network, can you remove the existing acl and try to ping r2 from PC1?

    Once the above is confirmed as working then you should start to look at using an ACL to restrict access

    Cheers
     
    Certifications: CCNA, CCNA Security
    WIP: CCNP
  7. vormz

    vormz New Member

    3
    0
    1
    Thank you very much,

    i thought that i needed to try ping in order to check if an acl is working properly ...:oops:
     

Share This Page

Loading...