Re: Took network down with wrong access-list

From: Jay (ccienxtyear@hotmail.com)
Date: Mon Nov 18 2002 - 21:12:45 GMT-3

• Next message: Jay: "Re: ACL's on Loopbacks?"
• Previous message: Jennifer Bellucci: "Re: 3550 and ISIS?"
• Maybe in reply to: Jeongwoo Park: "Took network down with wrong access-list"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Simple, yet costly mistake...you forgot that by default, theres a deny any
any on the bottom of the acl list

-Jay

----- Original Message -----
From: "Jeongwoo Park" <jpark@wams.com>
To: <ccielab@groupstudy.com>
Sent: Thursday, November 14, 2002 2:02 PM
Subject: Took network down with wrong access-list

> Hi all.
> I like to share what I did this morning to take an internet connection
down
> for one of customers' companies.
>
> Internet_router#
>
> Interface s0
> Ip access-group 100 in
> .
> .
> .
> access-list 100 deny icmp any host 172.16.1.10 echo
>
>
> I was tring to set up access-list in a way that no one can ping one of
their
> servers in their network.
> This config took their internet connection down.
> I immediately removed it, and it came back normal.
>
> What did I wrong?
>
> Thanks,
>
> JP

• Next message: Jay: "Re: ACL's on Loopbacks?"
• Previous message: Jennifer Bellucci: "Re: 3550 and ISIS?"
• Maybe in reply to: Jeongwoo Park: "Took network down with wrong access-list"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue Dec 03 2002 - 07:23:05 GMT-3