Solved

ACL brought down network

Posted on 2011-09-12
3
496 Views
Last Modified: 2012-05-12
I just applied an ACL to an interface and it brought down my entire network.

I am trying to block RDP from inside my network to a server also inside my network. So I did...

access-list 113 deny   tcp 10.0.0.0 0.255.255.255 host 10.127.10.7 eq 3389
access-list 113 deny   udp 10.0.0.0 0.255.255.255 host 10.127.10.7 eq 3389

Applied it to the VLAN:

IP access-group 113 in

and boom....no more network.

Thoughts?
0
Comment
Question by:AHEC
3 Comments
 
LVL 26

Accepted Solution

by:
Soulja earned 350 total points
ID: 36524529
add

permit ip any any to the bottom of the acl.
0
 
LVL 17

Assisted Solution

by:Garry-G
Garry-G earned 150 total points
ID: 36524725
Soulja already gave you the fix ...

Generally, Cisco access lists imply a "deny any any" on an access list as soon as a single line is present ...  this can bite you quickly if you try to recreate an access list without removing it from the interfaces first ...
0
 
LVL 1

Author Closing Comment

by:AHEC
ID: 36524990
Thanks guys...stupid mistake.

won't forget that one.
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question