ACL's on cisco 2600

Discussion in 'Cisco' started by CREAM, Mar 15, 2006.

  1. CREAM

    CREAM Guest

    Hello, I'm having trouble on my Cisco 2600 router and my Cisco 800
    series router. I put a deny host statement and apply it to FastEthernet
    0/1 (192.168.1.1) on the Cisco 2600 but it doesn't deny the host. I ping
    192.168.1.2 (Ethernet0 on 800 series router) on my 2600 series router
    using 192.168.1.1 but the ping is successful. What have I done wrong? I
    supplied the 2600 & 800 series configs below. I must add that I'm
    trying to deny 192.168.1.1 through ethernet not serial.


    -- Cisco 2600 --

    Building configuration...

    Current configuration : 787 bytes
    !
    version 12.3
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname laba
    !
    boot-start-marker
    boot-end-marker
    !
    !
    no aaa new-model
    ip subnet-zero
    ip cef
    !
    !
    !
    ip audit po max-events 100
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    interface FastEthernet0/0
    no ip address
    shutdown
    duplex auto
    speed auto
    !
    interface Serial0/0
    no ip address
    shutdown
    !
    interface FastEthernet0/1
    ip address 192.168.1.1 255.255.255.0
    ip access-group 1 out
    duplex auto
    speed auto
    !
    interface Serial0/1
    no ip address
    shutdown
    !
    router rip
    network 192.168.1.0
    !
    ip http server
    no ip http secure-server
    ip classless
    !
    !
    access-list 1 deny 192.168.1.1
    access-list 1 permit any
    !
    !
    !
    !
    !
    !
    line con 0
    line aux 0
    line vty 0 4
    login
    !
    !
    !
    end


    -- Cisco 800 Series --

    Building configuration...

    Current configuration : 1058 bytes
    !
    version 12.3
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname Router
    !
    boot-start-marker
    boot-end-marker
    !
    !
    no aaa new-model
    ip subnet-zero
    !
    !
    !
    !
    ip ips po max-events 100
    no ftp-server write-enable
    !
    !
    !
    !
    !
    !
    !
    interface Ethernet0
    ip address 192.168.1.2 255.255.255.0
    !
    interface Ethe
    no ip address
    shutdown
    duplex auto
    !
    interface FastEthernet1
    no ip address
    duplex auto
    speed auto
    !
    interface FastEthernet2
    no ip address
    duplex auto
    speed auto
    !
    interface FastEthernet3
    no ip address
    duplex auto
    speed auto
    !
    interface FastEthernet4
    no ip address
    duplex auto
    speed auto
    !
    router rip
    network 192.168.1.0
    !
    ip classless
    !
    ip http server
    no ip http secure-server
    !
    !
    !
    !
    control-plane
    !
    !
    line con 0
    no modem enable
    transport preferred all
    transport output all
    line aux 0
    transport preferred all
    transport output all
    line vty 0 4
    login
    transport preferred all
    transport input all
    transport output all
    !
    scheduler max-task-time 5000
    end
     
    CREAM, Mar 15, 2006
    #1

  2. In article <>,
    CREAM <> wrote:

    >-- Cisco 2600 --


    >interface FastEthernet0/1
    > ip address 192.168.1.1 255.255.255.0
    > ip access-group 1 out


    >access-list 1 deny 192.168.1.1
    >access-list 1 permit any


    You are trying to deny the IP of the interface itself. Traffic *from*
    the device is normally exempt from the interfaces unless you configure
    specially. I keep forgetting what the configuration step is...
    one of the "ip service" commands perhaps. I'm sure someone will
    step in with the correct information [sorry, I don't use IOS much.]
     
    Walter Roberson, Mar 15, 2006
    #2

  3. CREAM

    CREAM Guest

    Thanks a lot! I finally got it! THANKS A LOT AGAIN!
    Walter Roberson wrote:
    > In article <>,
    > CREAM <> wrote:
    >
    > >-- Cisco 2600 --
    >
    > >interface FastEthernet0/1
    > > ip address 192.168.1.1 255.255.255.0
    > > ip access-group 1 out
    >
    > >access-list 1 deny 192.168.1.1
    > >access-list 1 permit any
    >
    > You are trying to deny the IP of the interface itself. Traffic *from*
    > the device is normally exempt from the interfaces unless you configure
    > specially. I keep forgetting what the configuration step is...
    > one of the "ip service" commands perhaps. I'm sure someone will
    > step in with the correct information [sorry, I don't use IOS much.]
     
    CREAM, Mar 15, 2006
    #3
  4. CREAM

    Vaz Guest

    ACLs only apply to traffic going through the router. Not traffic
    originated by the router.
     
    Vaz, Mar 15, 2006
    #4
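
    The behaviour discussed in this thread, as an added example that is not part of any post: a small Python model of standard-ACL matching (first match wins, implicit deny) applied to the two `access-list 1` lines from the 2600 config. The `locally_originated` flag and the function names are hypothetical; the model assumes outbound interface ACLs skip packets the router generates itself, while inbound ACLs check every arriving packet.

```python
import ipaddress

# ACL lines copied from the 2600 config in the thread.
ACL_1 = """\
access-list 1 deny 192.168.1.1
access-list 1 permit any
"""

def parse_standard_acl(text):
    """Return [(action, address_int, wildcard_int)]; the ACL number is ignored."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list":
            continue
        action, rest = tok[2], tok[3:]
        if rest[0] == "any":
            addr, wild = "0.0.0.0", "255.255.255.255"
        elif rest[0] == "host":
            addr, wild = rest[1], "0.0.0.0"
        else:
            # A bare address with no wildcard mask matches a single host.
            addr, wild = rest[0], rest[1] if len(rest) > 1 else "0.0.0.0"
        rules.append((action, int(ipaddress.IPv4Address(addr)),
                      int(ipaddress.IPv4Address(wild))))
    return rules

def acl_permits(rules, src):
    """First match wins; wildcard bits set to 1 are ignored; implicit deny at the end."""
    s = int(ipaddress.IPv4Address(src))
    for action, addr, wild in rules:
        care = ~wild & 0xFFFFFFFF
        if (s & care) == (addr & care):
            return action == "permit"
    return False

def egress_allowed(rules, src, locally_originated):
    """Outbound interface ACL: router-generated packets are not checked (assumption above)."""
    return True if locally_originated else acl_permits(rules, src)

def ingress_allowed(rules, src):
    """Inbound interface ACL: every arriving packet is checked."""
    return acl_permits(rules, src)

RULES = parse_standard_acl(ACL_1)

if __name__ == "__main__":
    print("ping sourced by the 2600 itself leaves Fa0/1:", egress_allowed(RULES, "192.168.1.1", True))
    print("same list checked inbound on the peer:", ingress_allowed(RULES, "192.168.1.1"))
```

    In the model, the ping sourced from 192.168.1.1 on the 2600 itself is never compared against the list on the way out, which matches the successful ping in the first post; the same two lines evaluated inbound on a receiving interface would drop it.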
