Also, once this access-list is in place, I cannot ping that address from the switch, but I can ping it from any other machine. I have also blocked ICMP to that host using the same access-list, and all addresses except the switch can ping the host that should be blocked.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Christian Fredrickson
Sent: Wednesday, May 01, 2002 2:02 PM
To: [EMAIL PROTECTED]
Subject: Problem with access-list [7:43021]

Running a Cisco switch 3548XL

Trying to block a specific IP address. The access-list looks like: (I substituted the IP addresses)

    access-list 2000 deny ip host ip_address any
    access-list 2000 permit ip range.0 0.0.0.255 any
    access-list 2000 deny ip any any

All ports on this switch belong to the same VLAN and all other switches use this switch to get to the upper layer switch and use that to get to the router.

The vlan looks like: (I substituted the IP addresses)

    interface VLAN1
     description line
     ip address switch_ip 255.255.255.0
     ip access-group 2000 in

But I can still ping the host from external addresses.

Why is this ACL not working?

Thank you all in advance.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43039&t=43021

