|
|
| denpei 2002-08-16, 2:24 am |
| 
Access-list
I use the Routerlab(sybex company)
I use access list.
access-list 1 deny 172.16.10.2
access-lsit 1 permit any
int e0
ip access-group 1 in
HostB
|
|
|
HostA----Switch---RouterA--RouterB---RouterC
HostA ip address 172.16.10.2
I use the command "ping 172.16.10.2" in the RouterC.
I find it show ok!!!!!
I don't understand.
is this routerlab can't use access list?
thank you. | |
| davidbeecken 2002-08-16, 7:35 am |
| Where is the access list and what are you pinging from? | |
| JayDot 2002-08-16, 11:36 am |
| I believe from your Config that your have Denied(HOST A) Access to Ethernet Port
If you try pinging from Host A to Router C it should Deny access But if you try to Ping from Router C to Host A access is permitted | |
| denpei 2002-08-16, 11:36 pm |
| is it?
ping command use icmp protocol .
The icmp protocol will return a information to source node. if the information can't return source node,there will show ....., because ethernet 0 use the access-list and deny any packet in the inbound.
you say from hostA use ping command. well.it should deny any packet.
( i am chinese.The level of my English is not so good.) | |
| twister166 2002-08-17, 8:17 pm |
| From your configuration, I am assuming that your AL is applied on router A's ethernet adaptor that is connected to the 172.16.10.0 network. You applied it inbound, so it will deny the host address only on router A's ethernet adaptor that connected to the 172.16.10.0 network. Since from router C, the inbound is allowed to 172.16.10.2, it will ping. If you want to stop ping from router C to 172.16.10.2, you must apply out on the E0.
Remember IN and OUT are from one router's inside prespective!
OUT <-- router
IN --> router |
|
|
|