Re: Took network down with wrong access-list

From: enginedrive2002 (enginedrive2002@yahoo.ca)
Date: Thu Nov 14 2002 - 19:30:55 GMT-3

• Next message: stefan vogt: "Re: Took network down with wrong access-list"
• Previous message: Michael Breen \(mbreen\): "RE: Took network down with wrong access-list"
• Maybe in reply to: Jeongwoo Park: "Took network down with wrong access-list"
• Next in thread: stefan vogt: "Re: Took network down with wrong access-list"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

There's an implicit "deny any any" at the end of each access-list, so
without any "permit" statement, you deny everything.

E.D.

----- Original Message -----
From: "Jeongwoo Park" <jpark@wams.com>
To: <ccielab@groupstudy.com>
Sent: November 14, 2002 5:02 PM
Subject: Took network down with wrong access-list

> Hi all.
> I like to share what I did this morning to take an internet connection
down
> for one of customers' companies.
>
> Internet_router#
>
> Interface s0
> Ip access-group 100 in
> .
> .
> .
> access-list 100 deny icmp any host 172.16.1.10 echo
>
>
> I was tring to set up access-list in a way that no one can ping one of
their
> servers in their network.
> This config took their internet connection down.
> I immediately removed it, and it came back normal.
>
> What did I wrong?
>
> Thanks,
>
> JP

• Next message: stefan vogt: "Re: Took network down with wrong access-list"
• Previous message: Michael Breen \(mbreen\): "RE: Took network down with wrong access-list"
• Maybe in reply to: Jeongwoo Park: "Took network down with wrong access-list"
• Next in thread: stefan vogt: "Re: Took network down with wrong access-list"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue Dec 03 2002 - 07:23:00 GMT-3