PG1X WIKI

My Knowledge Base

User Tools

Site Tools

You are here: PG1X WIKI » Technology » Networking » ACL: Standard ACL
Trace: ACL: Standard ACL
tech:network:standard-acl:standard-acl

ACL: Standard ACL

, ,

Virtual Lab

  • PC-4
ip 192.168.0.2 255.255.255.0 192.168.0.254
save
  • PC-5
ip 192.168.0.3 255.255.255.0 192.168.0.254
save

Now,

  • PC-1,4,5
ping 192.168.4.1
PC-1> ping 192.168.4.1
84 bytes from 192.168.4.1 icmp_seq=1 ttl=61 time=20.807 ms
84 bytes from 192.168.4.1 icmp_seq=2 ttl=61 time=9.339 ms
84 bytes from 192.168.4.1 icmp_seq=3 ttl=61 time=8.202 ms
84 bytes from 192.168.4.1 icmp_seq=4 ttl=61 time=6.633 ms
84 bytes from 192.168.4.1 icmp_seq=5 ttl=61 time=8.517 ms
PC-4> ping 192.168.4.1
84 bytes from 192.168.4.1 icmp_seq=1 ttl=61 time=7.417 ms
84 bytes from 192.168.4.1 icmp_seq=2 ttl=61 time=5.906 ms
84 bytes from 192.168.4.1 icmp_seq=3 ttl=61 time=7.916 ms
84 bytes from 192.168.4.1 icmp_seq=4 ttl=61 time=7.883 ms
84 bytes from 192.168.4.1 icmp_seq=5 ttl=61 time=7.463 ms
PC-5> ping 192.168.4.1
84 bytes from 192.168.4.1 icmp_seq=1 ttl=61 time=6.513 ms
84 bytes from 192.168.4.1 icmp_seq=2 ttl=61 time=6.018 ms
84 bytes from 192.168.4.1 icmp_seq=3 ttl=61 time=8.840 ms
84 bytes from 192.168.4.1 icmp_seq=4 ttl=61 time=8.610 ms
84 bytes from 192.168.4.1 icmp_seq=5 ttl=61 time=9.170 ms
  • R2
conf t
access-list 1 deny host 192.168.0.1
R2(config)#access-list 1 deny host 192.168.0.1
R2(config)#do sh run | i access-list
access-list 1 deny   192.168.0.1
PC-1> ping 192.168.4.1
84 bytes from 192.168.4.1 icmp_seq=1 ttl=61 time=6.546 ms
84 bytes from 192.168.4.1 icmp_seq=2 ttl=61 time=9.115 ms
84 bytes from 192.168.4.1 icmp_seq=3 ttl=61 time=7.751 ms
84 bytes from 192.168.4.1 icmp_seq=4 ttl=61 time=6.297 ms
84 bytes from 192.168.4.1 icmp_seq=5 ttl=61 time=7.613 ms
PC-4> ping 192.168.4.1
84 bytes from 192.168.4.1 icmp_seq=1 ttl=61 time=6.595 ms
84 bytes from 192.168.4.1 icmp_seq=2 ttl=61 time=6.175 ms
84 bytes from 192.168.4.1 icmp_seq=3 ttl=61 time=7.007 ms
84 bytes from 192.168.4.1 icmp_seq=4 ttl=61 time=7.960 ms
84 bytes from 192.168.4.1 icmp_seq=5 ttl=61 time=5.842 ms
PC-5> ping 192.168.4.1
84 bytes from 192.168.4.1 icmp_seq=1 ttl=61 time=5.468 ms
84 bytes from 192.168.4.1 icmp_seq=2 ttl=61 time=6.418 ms
84 bytes from 192.168.4.1 icmp_seq=3 ttl=61 time=7.867 ms
84 bytes from 192.168.4.1 icmp_seq=4 ttl=61 time=8.528 ms
84 bytes from 192.168.4.1 icmp_seq=5 ttl=61 time=6.990 ms

Apply access list. 

int gig0/2
ip access-group 1 out
exit
R2(config)#int gig0/2
R2(config-if)#ac
R2(config-if)#ip acc
R2(config-if)#ip acce
R2(config-if)#ip access-group
R2(config-if)#ip accer
R2(config-if)#ip acce
R2(config-if)#ip access-group 1 o
R2(config-if)#ip access-group ?
  <1-199>      IP access list (standard or extended)
  <1300-2699>  IP expanded access list (standard or extended)
  WORD         Access-list name

R2(config-if)#ip access-group 1 o
R2(config-if)#ip access-group 1 out
R2(config-if)#no ip access-group 1 out
R2(config-if)#no ip access-group 1 out
R2(config-if)#ip access-group 1 out
R2(config-if)#do sh run | i access
 ip access-group 1 out
access-list 1 deny   192.168.0.1
R2(config-if)#do sh run int gig0/2
Building configuration...

Current configuration : 141 bytes
!
interface GigabitEthernet0/2
 ip address 192.168.4.254 255.255.255.0
 ip access-group 1 out
 duplex auto
 speed auto
 media-type rj45
end

All ping failed. PC-4, 5 also fails because of implicit deny applied. 

PC-1> ping 192.168.4.1 -t
84 bytes from 192.168.4.1 icmp_seq=1 ttl=61 time=9.067 ms
84 bytes from 192.168.4.1 icmp_seq=2 ttl=61 time=3.413 ms
84 bytes from 192.168.4.1 icmp_seq=3 ttl=61 time=5.800 ms
84 bytes from 192.168.4.1 icmp_seq=4 ttl=61 time=8.585 ms
84 bytes from 192.168.4.1 icmp_seq=5 ttl=61 time=7.599 ms
84 bytes from 192.168.4.1 icmp_seq=6 ttl=61 time=5.051 ms
84 bytes from 192.168.4.1 icmp_seq=7 ttl=61 time=6.392 ms
84 bytes from 192.168.4.1 icmp_seq=8 ttl=61 time=7.717 ms
84 bytes from 192.168.4.1 icmp_seq=9 ttl=61 time=6.779 ms
84 bytes from 192.168.4.1 icmp_seq=10 ttl=61 time=6.901 ms
84 bytes from 192.168.4.1 icmp_seq=11 ttl=61 time=10.212 ms
84 bytes from 192.168.4.1 icmp_seq=12 ttl=61 time=6.363 ms
(snip)
84 bytes from 192.168.4.1 icmp_seq=35 ttl=61 time=7.883 ms
84 bytes from 192.168.4.1 icmp_seq=36 ttl=61 time=6.128 ms
84 bytes from 192.168.4.1 icmp_seq=37 ttl=61 time=7.814 ms
84 bytes from 192.168.4.1 icmp_seq=38 ttl=61 time=6.449 ms
84 bytes from 192.168.4.1 icmp_seq=39 ttl=61 time=6.265 ms
84 bytes from 192.168.4.1 icmp_seq=40 ttl=61 time=6.478 ms
84 bytes from 192.168.4.1 icmp_seq=41 ttl=61 time=7.539 ms
84 bytes from 192.168.4.1 icmp_seq=42 ttl=61 time=6.926 ms
84 bytes from 192.168.4.1 icmp_seq=43 ttl=61 time=6.301 ms
<- Explicit deny
*192.168.3.1 icmp_seq=44 ttl=253 time=9.079 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.3.1 icmp_seq=45 ttl=253 time=5.837 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.3.1 icmp_seq=46 ttl=253 time=7.733 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.3.1 icmp_seq=47 ttl=253 time=9.626 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.3.1 icmp_seq=48 ttl=253 time=10.656 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.3.1 icmp_seq=49 ttl=253 time=17.410 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.3.1 icmp_seq=50 ttl=253 time=10.612 ms (ICMP type:3, code:13, Communication administratively prohibit
PC-4> ping 192.168.4.1 -t
84 bytes from 192.168.4.1 icmp_seq=1 ttl=61 time=8.097 ms
84 bytes from 192.168.4.1 icmp_seq=2 ttl=61 time=9.034 ms
84 bytes from 192.168.4.1 icmp_seq=3 ttl=61 time=7.849 ms
84 bytes from 192.168.4.1 icmp_seq=4 ttl=61 time=7.976 ms
84 bytes from 192.168.4.1 icmp_seq=5 ttl=61 time=6.353 ms
84 bytes from 192.168.4.1 icmp_seq=6 ttl=61 time=7.723 ms
84 bytes from 192.168.4.1 icmp_seq=7 ttl=61 time=6.593 ms
84 bytes from 192.168.4.1 icmp_seq=8 ttl=61 time=6.847 ms
84 bytes from 192.168.4.1 icmp_seq=9 ttl=61 time=9.928 ms
84 bytes from 192.168.4.1 icmp_seq=10 ttl=61 time=6.310 ms
84 bytes from 192.168.4.1 icmp_seq=11 ttl=61 time=7.505 ms
(snip)
84 bytes from 192.168.4.1 icmp_seq=34 ttl=61 time=6.335 ms
84 bytes from 192.168.4.1 icmp_seq=35 ttl=61 time=7.656 ms
84 bytes from 192.168.4.1 icmp_seq=36 ttl=61 time=5.961 ms
84 bytes from 192.168.4.1 icmp_seq=37 ttl=61 time=6.715 ms
84 bytes from 192.168.4.1 icmp_seq=38 ttl=61 time=7.830 ms
84 bytes from 192.168.4.1 icmp_seq=39 ttl=61 time=7.834 ms
84 bytes from 192.168.4.1 icmp_seq=40 ttl=61 time=6.713 ms
84 bytes from 192.168.4.1 icmp_seq=41 ttl=61 time=6.927 ms
<- Implicit deny
*192.168.3.1 icmp_seq=42 ttl=253 time=5.470 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.3.1 icmp_seq=43 ttl=253 time=5.966 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.3.1 icmp_seq=44 ttl=253 time=13.164 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.3.1 icmp_seq=45 ttl=253 time=13.574 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.3.1 icmp_seq=46 ttl=253 time=7.831 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.3.1 icmp_seq=47 ttl=253 time=19.680 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.3.1 icmp_seq=48 ttl=253 time=10.806 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.3.1 icmp_seq=49 ttl=253 time=7.677 ms (ICMP type:3, code:13, Communication administratively prohibited)
^C
PC-5> ping 192.168.4.1 -t
84 bytes from 192.168.4.1 icmp_seq=1 ttl=61 time=6.862 ms
84 bytes from 192.168.4.1 icmp_seq=2 ttl=61 time=6.835 ms
84 bytes from 192.168.4.1 icmp_seq=3 ttl=61 time=5.851 ms
84 bytes from 192.168.4.1 icmp_seq=4 ttl=61 time=6.792 ms
84 bytes from 192.168.4.1 icmp_seq=5 ttl=61 time=8.094 ms
84 bytes from 192.168.4.1 icmp_seq=6 ttl=61 time=7.005 ms
84 bytes from 192.168.4.1 icmp_seq=7 ttl=61 time=9.558 ms
84 bytes from 192.168.4.1 icmp_seq=8 ttl=61 time=8.373 ms
84 bytes from 192.168.4.1 icmp_seq=9 ttl=61 time=7.023 ms
84 bytes from 192.168.4.1 icmp_seq=10 ttl=61 time=7.050 ms
84 bytes from 192.168.4.1 icmp_seq=11 ttl=61 time=5.966 ms
84 bytes from 192.168.4.1 icmp_seq=12 ttl=61 time=7.111 ms
(snip)
84 bytes from 192.168.4.1 icmp_seq=30 ttl=61 time=7.331 ms
84 bytes from 192.168.4.1 icmp_seq=31 ttl=61 time=8.635 ms
84 bytes from 192.168.4.1 icmp_seq=32 ttl=61 time=6.309 ms
84 bytes from 192.168.4.1 icmp_seq=33 ttl=61 time=7.174 ms
84 bytes from 192.168.4.1 icmp_seq=34 ttl=61 time=8.429 ms
84 bytes from 192.168.4.1 icmp_seq=35 ttl=61 time=7.876 ms
84 bytes from 192.168.4.1 icmp_seq=36 ttl=61 time=7.146 ms
84 bytes from 192.168.4.1 icmp_seq=37 ttl=61 time=7.504 ms
84 bytes from 192.168.4.1 icmp_seq=38 ttl=61 time=5.766 ms
84 bytes from 192.168.4.1 icmp_seq=39 ttl=61 time=5.935 ms
<- Implicit deny
*192.168.3.1 icmp_seq=40 ttl=253 time=7.608 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.3.1 icmp_seq=41 ttl=253 time=8.670 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.3.1 icmp_seq=42 ttl=253 time=24.364 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.3.1 icmp_seq=43 ttl=253 time=6.489 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.3.1 icmp_seq=44 ttl=253 time=5.994 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.3.1 icmp_seq=45 ttl=253 time=11.179 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.3.1 icmp_seq=46 ttl=253 time=6.474 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.3.1 icmp_seq=47 ttl=253 time=5.385 ms (ICMP type:3, code:13, Communication administratively prohibited)
^C
R2(config)#access-list 1 permit 192.168.0.0 0.0.0.255
PC-1> ping 192.168.4.1 -t
*192.168.3.1 icmp_seq=1 ttl=253 time=6.389 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.3.1 icmp_seq=2 ttl=253 time=20.363 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.3.1 icmp_seq=3 ttl=253 time=5.789 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.3.1 icmp_seq=4 ttl=253 time=7.702 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.3.1 icmp_seq=5 ttl=253 time=11.024 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.3.1 icmp_seq=6 ttl=253 time=6.437 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.3.1 icmp_seq=7 ttl=253 time=7.295 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.3.1 icmp_seq=8 ttl=253 time=6.123 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.3.1 icmp_seq=9 ttl=253 time=8.979 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.3.1 icmp_seq=10 ttl=253 time=8.649 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.3.1 icmp_seq=11 ttl=253 time=8.042 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.3.1 icmp_seq=12 ttl=253 time=8.096 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.3.1 icmp_seq=13 ttl=253 time=8.447 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.3.1 icmp_seq=14 ttl=253 time=8.391 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.3.1 icmp_seq=15 ttl=253 time=5.903 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.3.1 icmp_seq=16 ttl=253 time=7.943 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.3.1 icmp_seq=17 ttl=253 time=9.175 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.3.1 icmp_seq=18 ttl=253 time=10.165 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.3.1 icmp_seq=19 ttl=253 time=8.839 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.3.1 icmp_seq=20 ttl=253 time=7.845 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.3.1 icmp_seq=21 ttl=253 time=7.665 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.3.1 icmp_seq=22 ttl=253 time=6.656 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.3.1 icmp_seq=23 ttl=253 time=6.823 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.3.1 icmp_seq=24 ttl=253 time=8.672 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.3.1 icmp_seq=25 ttl=253 time=8.429 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.3.1 icmp_seq=26 ttl=253 time=9.057 ms (ICMP type:3, code:13, Communication administratively prohibited)
^C
PC-4> ping 192.168.4.1 -t
*192.168.3.1 icmp_seq=1 ttl=253 time=9.180 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.3.1 icmp_seq=2 ttl=253 time=10.411 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.3.1 icmp_seq=3 ttl=253 time=5.881 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.3.1 icmp_seq=4 ttl=253 time=8.612 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.3.1 icmp_seq=5 ttl=253 time=12.125 ms (ICMP type:3, code:13, Communication administratively prohibited)
<- add subnet permit statement
192.168.4.1 icmp_seq=6 timeout
192.168.4.1 icmp_seq=7 timeout
84 bytes from 192.168.4.1 icmp_seq=8 ttl=61 time=14.021 ms
84 bytes from 192.168.4.1 icmp_seq=9 ttl=61 time=10.661 ms
84 bytes from 192.168.4.1 icmp_seq=10 ttl=61 time=7.709 ms
84 bytes from 192.168.4.1 icmp_seq=11 ttl=61 time=9.262 ms
84 bytes from 192.168.4.1 icmp_seq=12 ttl=61 time=7.259 ms
84 bytes from 192.168.4.1 icmp_seq=13 ttl=61 time=8.213 ms
84 bytes from 192.168.4.1 icmp_seq=14 ttl=61 time=7.405 ms
84 bytes from 192.168.4.1 icmp_seq=15 ttl=61 time=9.570 ms
84 bytes from 192.168.4.1 icmp_seq=16 ttl=61 time=10.792 ms
84 bytes from 192.168.4.1 icmp_seq=17 ttl=61 time=8.325 ms
84 bytes from 192.168.4.1 icmp_seq=18 ttl=61 time=6.403 ms
84 bytes from 192.168.4.1 icmp_seq=19 ttl=61 time=11.443 ms
84 bytes from 192.168.4.1 icmp_seq=20 ttl=61 time=9.595 ms
84 bytes from 192.168.4.1 icmp_seq=21 ttl=61 time=8.065 ms
84 bytes from 192.168.4.1 icmp_seq=22 ttl=61 time=6.810 ms
84 bytes from 192.168.4.1 icmp_seq=23 ttl=61 time=7.016 ms
84 bytes from 192.168.4.1 icmp_seq=24 ttl=61 time=8.715 ms
^C
PC-5> ping 192.168.4.1 -t
*192.168.3.1 icmp_seq=1 ttl=253 time=11.667 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.3.1 icmp_seq=2 ttl=253 time=6.360 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.3.1 icmp_seq=3 ttl=253 time=11.971 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.3.1 icmp_seq=4 ttl=253 time=8.892 ms (ICMP type:3, code:13, Communication administratively prohibited)
<- add subnet permit statement
192.168.4.1 icmp_seq=5 timeout
84 bytes from 192.168.4.1 icmp_seq=6 ttl=61 time=983.055 ms
84 bytes from 192.168.4.1 icmp_seq=7 ttl=61 time=7.016 ms
84 bytes from 192.168.4.1 icmp_seq=8 ttl=61 time=8.008 ms
84 bytes from 192.168.4.1 icmp_seq=9 ttl=61 time=7.949 ms
84 bytes from 192.168.4.1 icmp_seq=10 ttl=61 time=9.087 ms
84 bytes from 192.168.4.1 icmp_seq=11 ttl=61 time=7.698 ms
84 bytes from 192.168.4.1 icmp_seq=12 ttl=61 time=8.144 ms
84 bytes from 192.168.4.1 icmp_seq=13 ttl=61 time=6.207 ms
84 bytes from 192.168.4.1 icmp_seq=14 ttl=61 time=10.005 ms
84 bytes from 192.168.4.1 icmp_seq=15 ttl=61 time=10.801 ms
84 bytes from 192.168.4.1 icmp_seq=16 ttl=61 time=8.303 ms
84 bytes from 192.168.4.1 icmp_seq=17 ttl=61 time=7.774 ms
84 bytes from 192.168.4.1 icmp_seq=18 ttl=61 time=8.819 ms
84 bytes from 192.168.4.1 icmp_seq=19 ttl=61 time=7.162 ms
84 bytes from 192.168.4.1 icmp_seq=20 ttl=61 time=9.194 ms
84 bytes from 192.168.4.1 icmp_seq=21 ttl=61 time=7.278 ms
84 bytes from 192.168.4.1 icmp_seq=22 ttl=61 time=7.329 ms
84 bytes from 192.168.4.1 icmp_seq=23 ttl=61 time=8.639 ms
84 bytes from 192.168.4.1 icmp_seq=24 ttl=61 time=6.193 ms
^C
PC-3> ping 192.168.4.1
192.168.4.1 icmp_seq=1 timeout
*192.168.3.1 icmp_seq=2 ttl=254 time=5.033 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.3.1 icmp_seq=3 ttl=254 time=6.573 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.3.1 icmp_seq=4 ttl=254 time=5.436 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.3.1 icmp_seq=5 ttl=254 time=6.623 ms (ICMP type:3, code:13, Communication administratively prohibited)

Complete configuration are:

  • R2
access-list 1 deny host 192.168.0.1
access-list 1 permit 192.168.0.0 0.0.0.255
int gig0/2
ip access-group 1 out
exit

allow ping except 192.168.0.1. 

access-list 1 permit any
R2(config)#access-list 1 permit ?
  Hostname or A.B.C.D  Address to match
  any                  Any source host
  host                 A single host address

R2(config)#access-list 1 permit an
R2(config)#access-list 1 permit any
R2(config)#do sh run | i access-list
access-list 1 deny   192.168.0.1
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 1 permit any
PC-1> ping 192.168.4.1
*192.168.3.1 icmp_seq=1 ttl=253 time=10.637 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.3.1 icmp_seq=2 ttl=253 time=8.167 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.3.1 icmp_seq=3 ttl=253 time=6.719 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.3.1 icmp_seq=4 ttl=253 time=7.200 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.3.1 icmp_seq=5 ttl=253 time=6.494 ms (ICMP type:3, code:13, Communication administratively prohibited)
PC-3> ping 192.168.4.1
84 bytes from 192.168.4.1 icmp_seq=1 ttl=62 time=7.575 ms
84 bytes from 192.168.4.1 icmp_seq=2 ttl=62 time=4.259 ms
84 bytes from 192.168.4.1 icmp_seq=3 ttl=62 time=5.713 ms
84 bytes from 192.168.4.1 icmp_seq=4 ttl=62 time=7.775 ms
84 bytes from 192.168.4.1 icmp_seq=5 ttl=62 time=6.509 ms
PC-4> ping 192.168.4.1
84 bytes from 192.168.4.1 icmp_seq=1 ttl=61 time=6.944 ms
84 bytes from 192.168.4.1 icmp_seq=2 ttl=61 time=7.013 ms
84 bytes from 192.168.4.1 icmp_seq=3 ttl=61 time=6.844 ms
84 bytes from 192.168.4.1 icmp_seq=4 ttl=61 time=6.767 ms
84 bytes from 192.168.4.1 icmp_seq=5 ttl=61 time=7.309 ms
PC-5> ping 192.168.4.1
84 bytes from 192.168.4.1 icmp_seq=1 ttl=61 time=6.086 ms
84 bytes from 192.168.4.1 icmp_seq=2 ttl=61 time=7.254 ms
84 bytes from 192.168.4.1 icmp_seq=3 ttl=61 time=5.827 ms
84 bytes from 192.168.4.1 icmp_seq=4 ttl=61 time=6.822 ms
84 bytes from 192.168.4.1 icmp_seq=5 ttl=61 time=6.628 ms

delete acl, this method, all ACL statement deleted… 

R2(config)#do sh run | i access-list
access-list 1 deny   192.168.0.1
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 1 permit any
R2(config)#no access-list 1 deny 192.168.0.1
R2(config)#do sh run | i access-list
R2(config)#
R2(config)#do sh run int gig0/2
Building configuration...

Current configuration : 141 bytes
!
interface GigabitEthernet0/2
 ip address 192.168.4.254 255.255.255.0
 ip access-group 1 out
 duplex auto
 speed auto
 media-type rj45
end

All ACL statement deleted!! and ping to 192.168.4.1 nodes successful with no acl statement but interface acl apply command exist. 

PC-1> ping 192.168.4.1
84 bytes from 192.168.4.1 icmp_seq=1 ttl=61 time=7.654 ms
84 bytes from 192.168.4.1 icmp_seq=2 ttl=61 time=11.281 ms
84 bytes from 192.168.4.1 icmp_seq=3 ttl=61 time=8.063 ms
84 bytes from 192.168.4.1 icmp_seq=4 ttl=61 time=7.848 ms
84 bytes from 192.168.4.1 icmp_seq=5 ttl=61 time=8.288 ms
PC-3> ping 192.168.4.1
84 bytes from 192.168.4.1 icmp_seq=1 ttl=62 time=5.168 ms
84 bytes from 192.168.4.1 icmp_seq=2 ttl=62 time=4.333 ms
84 bytes from 192.168.4.1 icmp_seq=3 ttl=62 time=6.583 ms
84 bytes from 192.168.4.1 icmp_seq=4 ttl=62 time=5.187 ms
84 bytes from 192.168.4.1 icmp_seq=5 ttl=62 time=6.818 ms
PC-4> ping 192.168.4.1
84 bytes from 192.168.4.1 icmp_seq=1 ttl=61 time=10.714 ms
84 bytes from 192.168.4.1 icmp_seq=2 ttl=61 time=6.874 ms
84 bytes from 192.168.4.1 icmp_seq=3 ttl=61 time=6.933 ms
84 bytes from 192.168.4.1 icmp_seq=4 ttl=61 time=6.674 ms
84 bytes from 192.168.4.1 icmp_seq=5 ttl=61 time=8.165 ms
PC-5> ping 192.168.4.1
84 bytes from 192.168.4.1 icmp_seq=1 ttl=61 time=6.058 ms
84 bytes from 192.168.4.1 icmp_seq=2 ttl=61 time=6.227 ms
84 bytes from 192.168.4.1 icmp_seq=3 ttl=61 time=6.485 ms
84 bytes from 192.168.4.1 icmp_seq=4 ttl=61 time=7.764 ms
84 bytes from 192.168.4.1 icmp_seq=5 ttl=61 time=8.545 ms

specify sequence number later. 

R2#sh ip access-lists 1
R2#sh ip access-lists 1 int
                        ^
% Invalid input detected at '^' marker.

R2#sh ip access-lists int
% Incomplete command.

R2#sh ip access-lists int gig0/2
R2#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R2(config)#access-list 1 deny   192.168.0.1
R2(config)#access-list 1 permit 192.168.0.0 0.0.0.255
R2(config)#access-list 1 permit any
R2(config)#^Z
R2#
*Mar 27 23:38:51.142: %SYS-5-CONFIG_I: Configured from console by console
R2#sh ip access-lists 1
Standard IP access list 1
    10 deny   192.168.0.1 (106 matches)
    20 permit 192.168.0.0, wildcard bits 0.0.0.255 (93 matches)
    30 permit any (35 matches)
R2#sh ip access-lists int gig0/2
Standard IP access list 1 out
    10 deny   192.168.0.1 (66 matches)
    20 permit 192.168.0.0, wildcard bits 0.0.0.255 (117 matches)
    30 permit any (48 matches)

References

  1. ACL - 標準ACL
tech/network/standard-acl/standard-acl.txt · Last modified: 2018/04/02 02:51 by 5.9.98.130

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki