From: Michael Breen \(mbreen\) (mbreen@cisco.com)
Date: Thu Nov 14 2002 - 19:33:52 GMT-3
There is an implicit deny all at the end of your access-list. You forgot
to do...
Access-list 100 permit ip any any
--MB
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On
> Behalf Of Jeongwoo Park
> Sent: Thursday, November 14, 2002 3:03 PM
> To: 'ccielab@groupstudy.com'
> Subject: Took network down with wrong access-list
>
>
> Hi all.
> I like to share what I did this morning to take an internet
> connection down for one of customers' companies.
>
> Internet_router#
>
> Interface s0
> Ip access-group 100 in
> .
> .
> .
> access-list 100 deny icmp any host 172.16.1.10 echo
>
>
> I was tring to set up access-list in a way that no one can
> ping one of their servers in their network. This config took
> their internet connection down. I immediately removed it, and
> it came back normal.
>
> What did I wrong?
>
> Thanks,
>
> JP
This archive was generated by hypermail 2.1.4 : Tue Dec 03 2002 - 07:23:00 GMT-3