ACL brought down network

Posted on 2011-09-12
Medium Priority
Last Modified: 2012-05-12
I just applied an ACL to an interface and it brought down my entire network.

I am trying to block RDP from inside my network to a server also inside my network. So I did...

access-list 113 deny   tcp host eq 3389
access-list 113 deny   udp host eq 3389

Applied it to the VLAN:

IP access-group 113 in

and boom....no more network.

Question by:AHEC

Accepted Solution

Soulja earned 1400 total points
ID: 36524529

Add permit ip any any to the bottom of the ACL.

Assisted Solution

by:Garry Glendown
Garry Glendown earned 600 total points
ID: 36524725
Soulja already gave you the fix ...

Generally, Cisco access lists imply a "deny any any" on an access list as soon as a single line is present ...  this can bite you quickly if you try to recreate an access list without removing it from the interfaces first ...
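
The implicit deny described in the answers above, modelled as an added example that is not part of the original thread: a small Python evaluator for a subset of IOS extended ACL syntax, run against the two-line ACL and against the same ACL with the permit line appended. The server address 192.0.2.10, the `any` source and the sample packets are constructed placeholders, since the thread does not show the real host.

```python
import ipaddress

SERVER = "192.0.2.10"  # placeholder (TEST-NET-1); the thread does not show the real host
BROKEN = f"""
access-list 113 deny tcp any host {SERVER} eq 3389
access-list 113 deny udp any host {SERVER} eq 3389
"""
FIXED = BROKEN + "access-list 113 permit ip any any\n"
# Constructed packets: (protocol, source, destination, destination port)
PACKETS = [("tcp", "10.0.0.5", SERVER, 3389),
           ("udp", "10.0.0.5", "10.0.0.53", 53),
           ("tcp", "10.0.0.5", "198.51.100.7", 443)]

def parse_acl(text):
    """Parse lines of the form: access-list N (permit|deny) PROTO SRC DST [eq PORT]."""
    rules = []
    for line in text.strip().splitlines():
        action, proto, *rest = line.split()[2:]   # drop 'access-list N'
        addrs = []
        while len(addrs) < 2:                     # source first, then destination
            if rest[0] == "any":
                addrs.append(ipaddress.ip_network("0.0.0.0/0"))
                rest = rest[1:]
            elif rest[0] == "host":
                addrs.append(ipaddress.ip_network(rest[1] + "/32"))
                rest = rest[2:]
            else:
                raise ValueError("unsupported address form: " + line)
        port = int(rest[1]) if rest[:1] == ["eq"] else None
        rules.append((action, proto, addrs[0], addrs[1], port))
    return rules

def evaluate(rules, proto, src, dst, dport):
    """First matching line wins; a packet matching no line hits the implicit deny."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, r_proto, r_src, r_dst, r_port in rules:
        if (r_proto in ("ip", proto) and src in r_src and dst in r_dst
                and r_port in (None, dport)):
            return action
    return "deny (implicit)"

def verdicts(acl_text):
    rules = parse_acl(acl_text)
    return [evaluate(rules, *pkt) for pkt in PACKETS]

if __name__ == "__main__":
    for name, acl in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, verdicts(acl))
```

With the two deny lines alone, the DNS and HTTPS packets match nothing and are dropped by the implicit deny; with the permit line appended, only the RDP packet is denied.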

Author Closing Comment

ID: 36524990
Thanks guys...stupid mistake.

won't forget that one.
