I was playing around with the concept of ACL and came across some issues. Host A and Host B can ping with no problems (they are on diff subnets). What I did was create a standard ACL named TEST and added a deny host A from pinging host B. This worked fine. When I added several other deny statements as a test, and removed my initial deny statement for host A to ping B, I cannot ping Host B even though I removed that specific deny.

So I read and found that all ACLs have a deny any by default. So what I did was to write permit any to counter the deny any, and then added a lower sequence # deny for host A to ping B.

But no matter how low I make that sequence # for the deny statement, I am always able to ping host B.

So in summary,

1. Deny worked initially
2. Added other deny statements, removed initial deny specific for host A to B, cannot ping B
3. Added permit any, was able to ping Host B
4. Added lower seq deny for A to ping B, does not work, I am always able to ping host B

Where am I going wrong here?

Btw, I tried doing it the other way round. Leaving that deny any, and just permitting that specific host A to ping B. Does not work.


Post your ACL


I have attached the access list here.

ACL name is test

I applied the access list group test to int fa 0/1 IN on router one

If I remove the "permit any" the host won't be able to go out. But even if I remove the deny 5 I still cannot ping from


Never mind, simple issue with IP address, problem solved

Thanks neutral
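
Added example (not part of the thread and not any poster's configuration): a small Python model of how a standard ACL is evaluated, lowest sequence number first, on the source address only, with the implicit deny at the end. The addresses and entry sets are constructed to mirror the four steps in the summary above, including a low-sequence deny whose address is mistyped.

```python
import ipaddress

def matches(src, addr, wildcard):
    """Cisco-style wildcard match: bits set in the wildcard are 'don't care'."""
    s, a, w = (int(ipaddress.IPv4Address(x)) for x in (src, addr, wildcard))
    return (s | w) == (a | w)

def evaluate(acl, src):
    """Return (seq, action) of the first matching entry, lowest sequence first.

    A standard ACL looks only at the source address. If no entry matches,
    the implicit 'deny any' applies, reported here as (None, "deny").
    """
    for seq in sorted(acl):
        action, addr, wildcard = acl[seq]
        if matches(src, addr, wildcard):
            return seq, action
    return None, "deny"

# Constructed addresses (not from the thread).
HOST_A = "192.168.1.10"
HOST = "0.0.0.0"                       # wildcard equivalent of "host x.x.x.x"
ANY = ("0.0.0.0", "255.255.255.255")   # equivalent of "any"

# Step 2: only deny entries for other hosts, so host A falls to the implicit deny.
only_denies = {10: ("deny", "192.168.1.20", HOST),
               20: ("deny", "192.168.1.30", HOST)}
# Step 3: a trailing "permit any" lets host A through.
with_permit = {**only_denies, 30: ("permit", *ANY)}
# Step 4: a sequence-5 deny with a mistyped address never matches host A.
typo_deny = {**with_permit, 5: ("deny", "192.168.11.10", HOST)}
# Same entry with the correct address matches first and blocks host A.
right_deny = {**with_permit, 5: ("deny", HOST_A, HOST)}

if __name__ == "__main__":
    for name, acl in [("only denies", only_denies),
                      ("plus permit any", with_permit),
                      ("seq 5 deny, wrong address", typo_deny),
                      ("seq 5 deny, correct address", right_deny)]:
        print(f"{name:30} -> {evaluate(acl, HOST_A)}")
```

Because a standard ACL matches on source address alone, the sequence-5 deny in the last case blocks host A's traffic to every destination on that interface, not only to host B.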
