BAH! Stupid access lists.....

=ACID RAIN=

Member
Joined
May 19, 2003
Location
Kingwood, TX
First, my grade does NOT depend on this item. While it is classwork, it does not reflect on my final grade (or any grade). This is something I just have to figure out because it's ****ing me off LOL

First, the requirements:
Implement the following ACL rules using ACL number 101:
1. Allow hosts on the 192.168.30.0/24 network web access to any destination
2. Allow hosts on the 192.168.30.0/24 network ping access to any destination.
3. Deny any other access originating from the network.

My solution:
For 1)
R3(config)#access-list 101 permit tcp 192.168.30.0 0.0.0.255 any eq www
For 2)
R3(config)#access-list 101 permit icmp 192.168.30.0 0.0.0.255 any
For 3)
R3(config)#access-list 101 deny ip any any

This gives me no feedback, i.e. it's wrong. WTF. Any help is appreciated.
 
OP
=ACID RAIN=

Member
Joined
May 19, 2003
Location
Kingwood, TX
I just had a :bang head moment...

3. Deny any other access originating from the network.

R3(config)#access-list 101 deny ip 192.168.30.0 0.0.0.255 any
R3(config)#access-list 101 permit ip any any (maybe, not specified. Deny all is the default so I have to watch that)

Lemme see if that sets it off....
 

skidooosl

Member
Joined
Sep 9, 2003
Location
MI
When you say it gives no feedback... do you mean the access does not work?

did you remember to tie the access list to the correct interface :) I have been burned by that a number of times.... lol
 
OP
=ACID RAIN=

Member
Joined
May 19, 2003
Location
Kingwood, TX
No, it's giving me a score when I have the *exact* answer, which is what I meant by feedback. The rules work, it's just not what Cisco wanted. Usually that means there is a twist that you are missing, but in this case I just said screw it..
 

skidooosl

Member
Joined
Sep 9, 2003
Location
MI
ah, I see what you mean now.... looks ok but I think I may see what is wrong...

have to remember Cisco is super anal about everything :)


R3(config)#access-list 101 permit icmp 192.168.30.0 0.0.0.255 any

^ this allows ALL ICMP to any destination^

the question asked that only ping access be allowed

try to add ICMP echo or echo-reply to the end of the access list

or ICMP type codes 0 or 8

I bet that will fix it
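
Added example, not part of any post in this thread: a small first-match ACL evaluator in Python that runs the original ACL 101 and a tightened variant against constructed packets, showing that the bare `permit icmp` entry also passes non-ping ICMP. The tightened list (echo only, plus the source-specific deny from the second post) is an assumption about what the exercise wanted, and the parser handles only the syntax that appears in the thread.

```python
import ipaddress

ICMP_TYPES = {"echo": 8, "echo-reply": 0}  # IOS keyword -> ICMP type number

def wildcard_match(addr, base, wildcard):
    """IOS wildcard mask: bits set to 1 are ignored when comparing."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def parse_ace(line):
    """Parse 'access-list 101 <action> <proto> <src> any [eq www | <icmp-type>]'."""
    tok = line.split()[2:]                      # drop 'access-list 101'
    ace = {"action": tok[0], "proto": tok[1]}
    tok = tok[2:]
    if tok[0] == "any":
        ace["src"], tok = ("0.0.0.0", "255.255.255.255"), tok[1:]
    else:
        ace["src"], tok = (tok[0], tok[1]), tok[2:]
    tok = tok[1:]                               # destination is 'any' in every rule here
    ace["port"] = 80 if tok[:2] == ["eq", "www"] else None
    is_icmp = bool(tok) and ace["proto"] == "icmp"
    ace["icmp_type"] = ICMP_TYPES.get(tok[0]) if is_icmp else None
    return ace

def evaluate(acl_lines, pkt):
    """Return the action of the first matching entry; no match means implicit deny."""
    for ace in map(parse_ace, acl_lines):
        if ace["proto"] not in ("ip", pkt["proto"]):
            continue
        if not wildcard_match(pkt["src"], *ace["src"]):
            continue
        if ace["port"] is not None and pkt.get("dport") != ace["port"]:
            continue
        if ace["icmp_type"] is not None and pkt.get("icmp_type") != ace["icmp_type"]:
            continue
        return ace["action"]
    return "deny"

ORIGINAL = ["access-list 101 permit tcp 192.168.30.0 0.0.0.255 any eq www",
            "access-list 101 permit icmp 192.168.30.0 0.0.0.255 any",
            "access-list 101 deny ip any any"]
TIGHTENED = ["access-list 101 permit tcp 192.168.30.0 0.0.0.255 any eq www",
             "access-list 101 permit icmp 192.168.30.0 0.0.0.255 any echo",
             "access-list 101 deny ip 192.168.30.0 0.0.0.255 any"]

# Constructed sample packets (not taken from the thread)
WEB = {"src": "192.168.30.10", "proto": "tcp", "dport": 80}
PING = {"src": "192.168.30.10", "proto": "icmp", "icmp_type": 8}
TIMESTAMP = {"src": "192.168.30.10", "proto": "icmp", "icmp_type": 13}
TELNET = {"src": "192.168.30.10", "proto": "tcp", "dport": 23}
OTHER_NET = {"src": "10.0.0.5", "proto": "tcp", "dport": 23}

if __name__ == "__main__":
    for name, pkt in [("web", WEB), ("ping", PING), ("icmp-13", TIMESTAMP),
                      ("telnet", TELNET), ("other-net", OTHER_NET)]:
        print(f"{name:10} original={evaluate(ORIGINAL, pkt):6} tightened={evaluate(TIGHTENED, pkt)}")
```

The only packet the two lists treat differently is the ICMP timestamp request (type 13); the packet from another network is dropped by the implicit deny in the tightened list because no entry matches it.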