From: Wright, Jeremy (JA_WRIGHT@admworld.com)
Date: Thu Nov 14 2002 - 21:03:14 GMT-3
oh it has, and yes i have done that before..but that was when i was a paper
mcp and we all remember how hard that was to attain ;)
-----Original Message-----
From: Joe Martin
To: Wright, Jeremy; ccielab@groupstudy.com
Sent: 11/14/2002 6:05 PM
Subject: RE: Took network down with wrong access-list
Jeremy,
Your turn will come!!;)
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
Wright, Jeremy
Sent: Thursday, November 14, 2002 4:02 PM
To: 'Jake Jake '; 'Jeongwoo Park '; 'ccielab@groupstudy.com '
Subject: RE: Took network down with wrong access-list
No offense, but how did this gentleman get on the CCIE lab list. Yes
I've
made my fair share of mistakes but c'mon.
-----Original Message-----
From: Jake Jake
To: Jeongwoo Park; ccielab@groupstudy.com
Sent: 11/14/2002 4:41 PM
Subject: RE: Took network down with wrong access-list
Explicit deny all at the end of access lists (even though its not
visible)
Add a second statement (access-list 100 permit ip any any)
This way ICMP will match first statement and be denied, and all other IP
traffic
will be permitted by second statement.
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
Jeongwoo Park
Sent: Thursday, November 14, 2002 5:03 PM
To: 'ccielab@groupstudy.com'
Subject: Took network down with wrong access-list
Hi all.
I like to share what I did this morning to take an internet connection
down
for one of customers' companies.
Internet_router#
Interface s0
Ip access-group 100 in
.
.
.
access-list 100 deny icmp any host 172.16.1.10 echo
I was tring to set up access-list in a way that no one can ping one of
their
servers in their network.
This config took their internet connection down.
I immediately removed it, and it came back normal.
What did I wrong?
Thanks,
JP
This archive was generated by hypermail 2.1.4 : Tue Dec 03 2002 - 07:23:00 GMT-3