From: Armand D (ciscoworks2001@yahoo.com)
Date: Fri Nov 15 2002 - 12:59:27 GMT-3
the next time you are adding acl's and don't know the
possible outcome, try typing "reload in 5" first. this
way your router will reload in 5 min incase you loose
access to it and can't remove your acl.
HTH
--- Bob Rech <brech@kc.rr.com> wrote: > there is an
explicit deny at the end of every
> access-list so if you have a
> deny statement you need to follow that with a
> permit any any
> access-list 100 deny icmp any host 172.16.1.10 echo
> access-list 100 permit any any
>
> ----- Original Message -----
> From: "Jeongwoo Park" <jpark@wams.com>
> To: <ccielab@groupstudy.com>
> Sent: Thursday, November 14, 2002 4:02 PM
> Subject: Took network down with wrong access-list
>
>
> > Hi all.
> > I like to share what I did this morning to take an
> internet connection
> down
> > for one of customers' companies.
> >
> > Internet_router#
> >
> > Interface s0
> > Ip access-group 100 in
> > .
> > .
> > .
> > access-list 100 deny icmp any host 172.16.1.10
> echo
> >
> >
> > I was tring to set up access-list in a way that no
> one can ping one of
> their
> > servers in their network.
> > This config took their internet connection down.
> > I immediately removed it, and it came back normal.
> >
> > What did I wrong?
> >
> > Thanks,
> >
> > JP
http://careers.yahoo.com.au - Yahoo! Careers
- 1,000's of jobs waiting online for you!
This archive was generated by hypermail 2.1.4 : Tue Dec 03 2002 - 07:23:01 GMT-3