Re: Took network down with wrong access-list

From: cdmurray@statestreet.com
Date: Thu Nov 14 2002 - 19:51:12 GMT-3

• Next message: Nate Kleven: "RE: VoIP over IDSL/SDSL"
• Previous message: John Neiberger: "Re: Took network down with wrong access-list"
• Maybe in reply to: Jeongwoo Park: "Took network down with wrong access-list"
• Next in thread: Landon Fitts: "Re: Took network down with wrong access-list"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

When you say took the connection down I take it you mean "access" wise.
(If the physical link went down then that's another problem that needs to
be researched for bugs
or reported to TAC)

Your access-list consists of only deny statements (your statement and the
implicit deny at the end)
and this is assuming access-list 100 doesn't have other entries not
mentioned in your e-mail.
Include the permit statements after your deny statement (permit ip any any
or be specific
for hosts/networks) - good luck with the client

Regards,
Christine Murray
Ph: 612-93236124
cdmurray@statestreet.com

                                                                                                           
                      Jeongwoo Park
                      <jpark@wams.com> To: "'ccielab@groupstudy.com'"
                      Sent by: <ccielab@groupstudy.com>
                      nobody@groupstudy cc:
                      .com Subject: Took network down with wrong access-list
                                                                                                           
                                                                                                           
                      11/15/2002 09:02
                      AM
                      Please respond to
                      Jeongwoo Park
                                                                                                           
                                                                                                           

Hi all.
I like to share what I did this morning to take an internet connection down
for one of customers' companies.

Internet_router#

Interface s0
Ip access-group 100 in
.
.
.
access-list 100 deny icmp any host 172.16.1.10 echo

I was tring to set up access-list in a way that no one can ping one of
their
servers in their network.
This config took their internet connection down.
I immediately removed it, and it came back normal.

What did I wrong?

Thanks,

JP

Confidentiality Notice:
**************************************************************************************************************************

The information contained in the email is intended for the confidential use
of the above-named recipient.
If the reader of this message is not the intended recipient or person
responsible for delivering it to the
intended recipient, you are hereby notified that you have received this
communication in error, and that
any review, dissemination, distribution, or copying of this communication
is strictly prohibited.
If you have received this in error, please notify the sender immediately
and destroy this message.
**************************************************************************************************************************

• Next message: Nate Kleven: "RE: VoIP over IDSL/SDSL"
• Previous message: John Neiberger: "Re: Took network down with wrong access-list"
• Maybe in reply to: Jeongwoo Park: "Took network down with wrong access-list"
• Next in thread: Landon Fitts: "Re: Took network down with wrong access-list"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue Dec 03 2002 - 07:23:00 GMT-3