Question regarding Standard Access Lists

Status
Not open for further replies.

techkiwi

I'm sure there's a simple answer to this, but I sure can't work it out!

I have a test lab. At one end is a Cisco 1720 with several PCs plugged in to the FastEthernet interface (192.168.20.1/24), at the other end is a Cisco 2501 with a PC plugged in to the Ethernet interface (192.168.33.1/24). They are connected via a WAN connection.

I set up a standard access list on the 2501 as follows:

access-list 10 permit 192.168.20.0 0.0.0.15

If I apply this access-list to the Ethernet interface it works as I expect it to - namely, any PC hanging off the Cisco 1720 with an IP address in the range 192.168.20.1 to 192.168.20.15 can get through to the PC, those PCs with IP addresses outside this range can't.

Now comes the part I can't figure out - if I apply the same access-list to the 2501 Serial port everything gets blocked.

Why?

Thanks, Graham
 
How are you applying the access list? In or out?
 
You are only permitting 192.168.20.x traffic into the 192.168.20.x network (assuming, as per bell1996, that the access list is applied in). None of those IPs are on the outside of that network and therefore can't get in.
 
Thanks for the replies! I'm not sure if I explained everything very well above. I try to ping or telnet to a computer on the 192.168.33.x network (i.e. the 2501 Ethernet interface) from a computer on the 192.168.20.x network (i.e. the 1701 FastEthernet interface) across the WAN link.

I've tried applying the list both in and out of the Serial interface, and it has the same effect. Pings from any machine on the 192.168.20.x network get blocked (even those that should be allowed, namely 192.168.20.1 to 192.168.20.15).

The only difference is that if I apply the access-list out, my Telnet session from 192.168.20.11 stays up while pings fail, but if I apply it in I also lose my Telnet session after about 10 seconds! (Just to add to the confusion).

Thanks, Graham
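
Added example, not part of the thread or any poster's code: a small Python model of how a standard access list evaluates a packet, using the access-list 10 line quoted above. A standard list tests only the source address against the address and wildcard mask, and anything that matches no line falls through to the implicit deny. The host 192.168.33.10 and the WAN link address 10.0.0.1 are constructed sample values, since the thread does not give them.

```python
import ipaddress

IMPLICIT_DENY = "deny (implicit)"

def parse_standard_ace(line):
    """Parse 'access-list N permit|deny ADDRESS WILDCARD' into (action, addr, wildcard)."""
    parts = line.split()
    if len(parts) != 5 or parts[0] != "access-list":
        raise ValueError(f"unsupported ACL line: {line!r}")
    number, action = int(parts[1]), parts[2]
    # Standard IP ACL number ranges on IOS: 1-99 and 1300-1999.
    if not (1 <= number <= 99 or 1300 <= number <= 1999):
        raise ValueError(f"{number} is not a standard IP ACL number")
    if action not in ("permit", "deny"):
        raise ValueError(f"unknown action: {action!r}")
    addr = int(ipaddress.IPv4Address(parts[3]))
    wildcard = int(ipaddress.IPv4Address(parts[4]))
    return action, addr, wildcard

def evaluate(acl_lines, source_ip):
    """Return the action of the first line whose address matches source_ip.

    Wildcard bits set to 1 are "don't care"; bits set to 0 must match exactly.
    If no line matches, the packet hits the implicit deny at the end of the list.
    """
    src = int(ipaddress.IPv4Address(source_ip))
    for line in acl_lines:
        action, addr, wildcard = parse_standard_ace(line)
        care = ~wildcard & 0xFFFFFFFF
        if (src & care) == (addr & care):
            return action
    return IMPLICIT_DENY

# The list from the original post.
ACL_10 = ["access-list 10 permit 192.168.20.0 0.0.0.15"]

# Constructed sample source addresses (only the 192.168.20.x ones come from the thread).
SAMPLE_SOURCES = [
    "192.168.20.11",  # PC behind the 1720, inside the permitted block
    "192.168.20.16",  # PC behind the 1720, just outside the block
    "192.168.33.10",  # constructed: PC on the 2501 Ethernet, source of reply traffic
    "10.0.0.1",       # constructed: address on the WAN link itself
]

def report(acl_lines=ACL_10, sources=SAMPLE_SOURCES):
    """Map each sample source address to the ACL's verdict."""
    return {ip: evaluate(acl_lines, ip) for ip in sources}

if __name__ == "__main__":
    for ip, verdict in report().items():
        print(f"{ip:15} -> {verdict}")
```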
 