We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now! Here is why:

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You've Ever Spent on Your Cisco Career!
  • Full Access to our 644 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)

464 Sign Ups in the last 30 days

satisfaction-guaranteed
100% Satisfaction Guaranteed!
You may cancel your monthly membership at any time.
No Questions Asked!

Tags: ,


Forum Replies

  1. Hi Rene,

    One quick question, why do you need to specify: Robocop(config)#access-list 100 deny ip any any log
    when at the end of every access list there is the invisible deny command.

    Any clarification would be greatly appreciated.

    Thanks

    P.S. Keep up the good work.

  2. Hi Edmundo,

    Adding the log keyword will show all denied packets in your console. This is useful for troubleshooting, debugging or labbing.

  3. Hi Srini,

    Let’s take a look at the different IP options:

    R1(config-ext-nacl)#permit ip any any ?
      dscp        Match packets with given dscp value
      fragments   Check non-initial fragments
      log         Log matches against this entry
      log-input   Log matches against this entry, including input interface
      option      Match packets with given IP Options value
      precedence  Match packets with given precedence value
      reflect     Create reflexive access list entry
      time-range  Specify a time-range
      tos         Match packets with given TOS value
      ttl         Ma
    ... Continue reading in our forum

  4. When the access-list is applied inbound on Robocop, you’ll need to permit the ICMP return traffic from ED209. Something like this:

    permit icmp host 192.168.12.1 host 192.168.12.2

    Or you could make it more “specific” by adding echo-reply at the end of that statement.

  5. Hello Rene/Laz,
    I apologize because my question may not be completely relevant to the topic. However, I would really like to get some help if possible.

    Would you please provide me a template for Border inbound ACL at the internet WAN router on the WAN interface? So far this is what I have found. Please let me know if I am missing anything.

    ip access-list extended INBOUND
    permit icmp any any echo
    permit icmp any any echo-reply
    permit icmp any any unreachable
    deny icmp any any
    deny ip 10.0.0.0 0.255.255.255 any
    deny ip 172.16..0.0 0.15.255.255 any
    deny ip 192.168
    ... Continue reading in our forum

35 more replies! Ask a question or join the discussion by visiting our Community Forum