Solved

ACL brought down network

Posted on 2011-09-12
3
495 Views
Last Modified: 2012-05-12
I just applied an ACL to an interface and it brought down my entire network.

I am trying to block RDP from inside my network to a server also inside my network. So I did...

access-list 113 deny   tcp 10.0.0.0 0.255.255.255 host 10.127.10.7 eq 3389
access-list 113 deny   udp 10.0.0.0 0.255.255.255 host 10.127.10.7 eq 3389

Applied it to the VLAN:

IP access-group 113 in

and boom....no more network.

Thoughts?
0
Comment
Question by:AHEC
3 Comments
 
LVL 26

Accepted Solution

by:
Soulja earned 350 total points
ID: 36524529
add

permit ip any any to the bottom of the acl.
0
 
LVL 17

Assisted Solution

by:Garry-G
Garry-G earned 150 total points
ID: 36524725
Soulja already gave you the fix ...

Generally, Cisco access lists imply a "deny any any" on an access list as soon as a single line is present ...  this can bite you quickly if you try to recreate an access list without removing it from the interfaces first ...
0
 
LVL 1

Author Closing Comment

by:AHEC
ID: 36524990
Thanks guys...stupid mistake.

won't forget that one.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now