Access-List

Status
Not open for further replies.

duster123

I place this command on my switch:

access-list 2 deny host 9.9.9.3
access-list 2 permit any
end

How is it that I'm still able to access shares and ping that computer (9.9.9.3)? Also, the 9.9.9.3 workstation is still able to see all other workstations.
 
Hi,

You need to apply that access list to an interface...

use

ip access-group 2 in | out

LEEroy
MCNE6,CCNP,CWNA,CCSA,Project+
 
But what if the 9.9.9.3 workstation is on the same switch as 9.9.9.2? How do I block 9.9.9.3 from accessing 9.9.9.2?
 
Apply the access-group to the port that 9.9.9.2 is attached to (using the 'out' option).
 
I'm sorry, but I'm kinda new to Cisco, so how would I apply the access list to a port? What would be the command?
 
As per leedsit's response above:

switch> en
password: <enter the password>
switch#conf t
switch (conf)#int fa<the interface that 9.9.9.2 is attached to - i.e fa0/1>

switch(conf-if)#ip access-group 2 out
switch(conf-if)#ctrl+Z
switch#wr

Test this. If this does not work then replace the 'out' in the above command with 'in'. It all depends on how the switch views the packets.
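
How the two access-list 2 entries from the first post are evaluated once the list is attached to an interface, as an added Python example that is not part of any poster's reply: a standard ACL tests only the packet's source address, entries are checked top-down, the first match wins, and a packet that matches nothing is denied. The function names and the ACL 5 wildcard entry are constructed for illustration.

```python
import ipaddress

# The two entries from the first post, plus a constructed wildcard-mask
# entry (ACL 5) that is not in the thread.
CONFIG = """\
access-list 2 deny host 9.9.9.3
access-list 2 permit any
access-list 5 permit 9.9.9.0 0.0.0.255
"""

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def parse_standard_acl(config, number):
    """Return the entries of one numbered standard ACL, in config order."""
    entries = []
    for line in config.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[:2] != ["access-list", str(number)]:
            continue
        action, spec = tok[2], tok[3:]
        if action not in ("permit", "deny"):
            raise ValueError("unsupported action: " + line)
        if spec[0] == "any":
            addr, wild = 0, 0xFFFFFFFF
        elif spec[0] == "host":
            addr, wild = _ip(spec[1]), 0
        else:
            # "A.B.C.D [wildcard]"; a bare address is treated as a host match
            addr = _ip(spec[0])
            wild = _ip(spec[1]) if len(spec) > 1 else 0
        entries.append((action, addr, wild))
    return entries

def evaluate(entries, source):
    """First matching entry wins; only the packet's source address is tested."""
    src = _ip(source)
    for action, addr, wild in entries:
        care = ~wild & 0xFFFFFFFF  # wildcard bits set to 1 are ignored
        if (src & care) == (addr & care):
            return action
    return "deny"  # implicit deny when no entry matches

if __name__ == "__main__":
    acl2 = parse_standard_acl(CONFIG, 2)
    for host in ("9.9.9.3", "9.9.9.2"):
        print(host, evaluate(acl2, host))
```
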
 
I'm getting an invalid input on my 2950 when I type the command
ip access-group 2 out, even when I go to config t and access the interface:



 
Unfortunately, where I am at the moment I don't have access to a 2950. However, later I will have, and I will have a look and post the result here.
 