From: Nart, Selim (SNart@Vignette.com)
Date: Sat Sep 16 2006 - 15:53:41 ART
You need to apply the access list to the VLAN interface, not the interface
the server is connected to.
Selim
-----Original Message-----
From: 2nd CCIE [mailto:doubleccie@yahoo.com]
Sent: Saturday, September 16, 2006 01:24 PM Central Standard Time
To: security@groupstudy.com; ccielab@groupstudy.com
Subject: 3550 ACL's ..
Folks,
I am having trouble trying to do a simple configuration on the 3550.
I have a server connected to the 3550 on port f0/11.
All I want to do is deny ICMP to this server and allow everything
else.
Although it looks easy, it does not work for me.
Here is my configuration:
!
interface FastEthernet0/11
 switchport access vlan 16
 switchport mode dynamic desirable
 ip access-group 101 in
!
!
access-list 101 deny icmp any host 10.10.16.100
access-list 101 permit ip any any
!
With this configuration, I can still ping the server from anywhere. I
tried to apply the ACL on the interface vlan 16; nothing changed.
If I remove the second entry of the ACL (basically deny everything), it
works,
but I need the communication to the server; I only want to disable the
ping.
What am I missing here?
Thanks
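
Added example, not part of either message: a small Python model of first-match ACL evaluation that shows which leg of a ping each attachment point inspects, and why ACL 101 as posted only blocks the ping when it is applied outbound on the VLAN interface. The client address, the assumption that the 3550 routes between the client's VLAN and VLAN 16, and all function names are made up for the illustration.

```python
from ipaddress import ip_address, ip_network

SERVER = "10.10.16.100"  # server address from the post
CLIENT = "10.10.20.5"    # constructed: a host in another VLAN, routed by the 3550

# ACL 101 as posted: (action, protocol, source, destination)
ACL_101 = [("deny", "icmp", "any", SERVER), ("permit", "ip", "any", "any")]

# Leg of the client<->server exchange that each attachment point inspects.
SEES = {
    "Fa0/11 in": (SERVER, CLIENT),   # frames entering the switch from the server
    "Vlan16 in": (SERVER, CLIENT),   # packets arriving from VLAN 16 to be routed
    "Vlan16 out": (CLIENT, SERVER),  # packets routed into VLAN 16
}

def addr_matches(spec, addr):
    return spec == "any" or ip_address(addr) in ip_network(spec)

def evaluate(acl, proto, src, dst):
    """First matching entry wins; no match hits the implicit deny."""
    for action, acl_proto, acl_src, acl_dst in acl:
        if (acl_proto in ("ip", proto) and addr_matches(acl_src, src)
                and addr_matches(acl_dst, dst)):
            return action
    return "deny"

def exchange_works(acl, attach, proto):
    """True if the leg inspected at `attach` is permitted (the other leg is unfiltered)."""
    src, dst = SEES[attach]
    return evaluate(acl, proto, src, dst) == "permit"

if __name__ == "__main__":
    for name, acl in (("ACL 101 as posted", ACL_101), ("deny entry only", ACL_101[:1])):
        for attach in SEES:
            print(f"{name:18} {attach:11} ping={exchange_works(acl, attach, 'icmp')!s:5} "
                  f"tcp={exchange_works(acl, attach, 'tcp')}")
```

Inbound on Fa0/11 the deny entry never matches because the server is the source there, and with the permit entry removed the implicit deny drops everything the server sends, echo replies included. Hosts inside VLAN 16 reach the server without being routed, so the Vlan16 rows do not describe them.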
This archive was generated by hypermail 2.1.4 : Sun Oct 01 2006 - 16:55:40 ART