  • Content created by Rene Molenaar (CCIE #41726)

 



Forum Replies

  1. Hi Jon,

    You didn’t specify the network address that you used with the wildcard. Let’s assume it’s 20.10.0.0 0.0.254.254. Let’s look at some examples…

    20.10.1.0 = 00010100 000001010 00000001 00000000
    20.10.1.1 = 00010100 000001010 00000001 00000001
    20.10.1.2 = 00010100 000001010 00000001 00000010
    20.10.1.3 = 00010100 000001010 00000001 00000011
    20.10.1.4 = 00010100 000001010 00000001 00000100
    
    20.10.2.0 = 00010100 000001010 00000010 00000000
    20.10.3.0 = 00010100 000001010 00000011 00000000
    20.10.4.0 = 00010100 000001010 00000100 00000000
    20.10.4.1 = 00010100 000
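The wildcard comparison that reply 1 starts to walk through, as an added example (not code from the forum or the lesson): it applies the entry the reply assumes, 20.10.0.0 0.0.254.254, to the addresses the reply lists. The function names are hypothetical.

```python
import ipaddress

# Entry assumed in reply 1: base address and wildcard mask.
BASE, WILDCARD = "20.10.0.0", "0.0.254.254"
# Addresses listed in reply 1.
SAMPLES = ["20.10.1.0", "20.10.1.1", "20.10.1.2", "20.10.1.3", "20.10.1.4",
           "20.10.2.0", "20.10.3.0", "20.10.4.0", "20.10.4.1"]

def _u32(dotted):
    return int(ipaddress.IPv4Address(dotted))

def care_mask(wildcard):
    """Bits that must match: a 0 in the wildcard means 'compare this bit'."""
    return ~_u32(wildcard) & 0xFFFFFFFF

def wildcard_match(address, base=BASE, wildcard=WILDCARD):
    """True when every compared bit of address equals the same bit of base."""
    care = care_mask(wildcard)
    return (_u32(address) & care) == (_u32(base) & care)

def mismatched_bits(address, base=BASE, wildcard=WILDCARD):
    """Dotted binary showing which compared bits differ from the base."""
    diff = (_u32(address) ^ _u32(base)) & care_mask(wildcard)
    return ".".join(f"{(diff >> s) & 0xFF:08b}" for s in (24, 16, 8, 0))

def matching(addresses, base=BASE, wildcard=WILDCARD):
    """Subset of addresses that the entry would match."""
    return [a for a in addresses if wildcard_match(a, base, wildcard)]

def match_count(wildcard=WILDCARD):
    """Number of addresses one entry covers: 2 ** (count of 1 bits)."""
    return 2 ** bin(_u32(wildcard)).count("1")

if __name__ == "__main__":
    for a in SAMPLES:
        verdict = "match" if wildcard_match(a) else "no match"
        print(f"{a:<10} {verdict:<9} differing bits: {mismatched_bits(a)}")
    print("addresses covered by one entry:", match_count())
```

Only the low bit of the third and fourth octets is compared (254 = 11111110), so the entry matches addresses where both octets are even.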

  2. Hello Hussein.

    When creating and implementing (extended) access lists, you are specifying how to filter traffic based on source and destination IPs, protocols, ports etc. In order to filter traffic that is generated locally by the router, you just have to determine the IP address from which it is being generated (an IP address of a local physical or loopback interface) and filter it accordingly by applying the access list to the appropriate interface(s).

    You don’t have to do anything special for locally generated traffic, just make sure you have the appropriat


  3. Thank you very much Rene,

    I tried this policy and it works:

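    ! ACL 100: ICMP from host 192.168.45.4 to host 192.168.45.5
    access-list 100 permit icmp host 192.168.45.4 host 192.168.45.5
    !
    ! Class-map "1" matches the traffic permitted by ACL 100
    class-map match-all 1
     match access-group 100
    !
    ! Policy-map "1" drops everything in class "1"
    policy-map 1
     class 1
      drop
    !
    ! Attach the policy to the control plane in the output direction
    control-plane
     service-policy output 1
    !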
    

    Thanks again Rene

  4. Hello Heng

    So, if you create an access list deny 10.10.10.0 0.0.0.255 and apply it inbound on Fa0/1, any traffic coming INTO Fa0/1 that has a source IP address of 10.10.10.X would be dropped.

    Now, if you have traffic with a source IP address of 10.10.10.X coming into interface Fa0/2 and it is being routed OUT of Fa0/1, then the traffic will NOT be dropped.

    Access lists that are applied to an interface function only in ONE DIRECTION. If you want them to function in both directions, you must apply both an inbound and an outbound access list.

    I hope this has been helpful!

    Laz

  5. Hello Lazzros Agapides,
    Thank you so much for your explanation, now I got this.
