I was playing around with the concept of ACL and came across some issues. Host A and Host B can ping with no problems (they are on diff subnets) What I did was creat a standard ACL named TEST and added a deny host A from pinging host B. This worked fine. When I added several other deny statements as a test, and removed my initial deny statement for host A to ping B, I cannot ping Host B even though i removed that specific deny.
So I read and found that all ACL have a deny any by default. So what I did was to write permit any to counter the deny any, and then added a lower sequence # deny for host A to ping B.
But no matter how low i make that sequence# for the deny statement I am always able to ping host B.
So in summary,
1.Deny worked initially
2.Added other deny statements, removed initial deny specific for host a to b, cannot ping B
3.Added permit any, was able to ping Host B
4.Added lower seq deny for A to ping B, does not work, I am always able to ping host B
Where am i going wrong here?
btw, i tried doing it the other way round. Leaving that deny any, and just permitting that specific host a to ping b. Does not work.