www.unix.org.ua

[csawest_dc]

Dear Experts,

ACL not working in cisco 3550.

current IOS : /c3550-i9q3l2-mz.121-22.EA9.bin"

I need to deny host 10.28.0.30 from my network.

my ACL :
ip access-list extended abc
deny ip any host 10.28.0.30
permit ip any any

int vlan 100

ip access-group abc out
ip access-group abc in

OR

ip access extended abc1
deny icmp any host 10.28.0.30 echo
permit ip any any

int vlan 100
ip access-group abc1 out
ip access-group abc1 in


Still i am able to ping this host from my network, i need deny everything to this host ( ping , telnet, etc) from my network and my network throug vlan 100.
So please help me how can i solve this issue.


Thanks in ADV,

[naikumar]

Hi,

Can you let us know in what direction you want to block the traffic?. Is it originated from 10.28.0.30 or destinated to 10.28.0.30?.

Currently your ACL configuration seems to block traffic destinated to 10.28.0.30. ACL normally will not affect the locally originated traffic. Try sending ICMP from some other device via this 3550 and see if it is blocked.

If you want to block everything to/from this device,

ip access-list extended abc
deny ip any host 10.28.0.30
deny ip host 10.28.0.30 any
permit ip any any

and apply the same under interface.


HTH,
Nagendra

[csawest_dc]

Dear Naikumar,

Thanks a lot , this command which is given by you, it's working fine.
I am not able to ping from my network to this host.


Thanks mate, have a great support.
Cheers!!!