Access List

[vallan]

We have a situation with a serial link and an Ethernet link to a router. The Ethernet link goes to the network while the serial link goes to the ISP.

On the Serial link
access-list 111 deny ip 198.212.14.48 0.0.0.15 any
ip access-group 166 in

On the Ethernet Link
access-list 167 permit ip 198.212.14.48 0.0.0.15 any
ip access-group 167 in

From my knowledge of Access list, does this not look as if we are denying source 198.212.14.48 0.0.0.15 from coming in into the serial link whereby no traffic from 198.212.14.48 0.0.0.15 will ever get to the router and then we are permitting them in again on the Ethernet link from where they can enter into the router?

Although I must say we have not been refused access, but can someone explain how the above works.

Thanks

 

[gaveeve]

ip access-group 166 in ... on the serial link, is this a typo? Shouldn't 166 be 111? Also if there is no permit any any after that statement you could deny everything.

 

[vallan]

Sorry

It should read.

On the Serial link
access-list 166 deny ip 198.212.14.48 0.0.0.15 any
ip access-group 166 in

On the Ethernet Link
access-list 167 permit ip 198.212.14.48 0.0.0.15 any
ip access-group 167 in

Thanks

 

[jgercken]

Both the access-lists are matching the source 192.212.14.48/? in the incoming packets. How do you expect to have the same subnet on both interfaces?
-Jeff ----------------------------------------
Wasabi Pop Tarts! Write Kellogs today!