Hot Downloads

Welcome, Guest
Username: Password: Remember me

TOPIC: ACL's on Cisco routers (2600's) ...

ACL's on Cisco routers (2600's) ... 12 years 3 months ago #4495

  • Spitifre
  • Spitifre's Avatar
  • Offline
  • New Member
  • Posts: 1
  • Karma: 0
I am having a little trouble with the access control lists on Cisco 2600 series routers.
I have a basic understanding of them and how they operate, but when it comes to setting up an extended ACL I seem to have trouble with the keywords HOST and ANY.
Not sure when to use them and sometimes the ANY keyword is used twice in succession.
eg. access-list 110 deny tcp
access-list 110 permit ip any any
also tcp was used in the deny ACL and ip used in the permit ACL
A little confusing.
In some cases only a single ANY is used.
I would appreciate some assistance here, thank you.
(The above ACL is an actual ACL)
The administrator has disabled public write access.

Re: ACL's on Cisco routers (2600's) ... 12 years 3 months ago #4517

  • Neon
  • Neon's Avatar
  • Offline
  • Distinguished Member
  • Posts: 101
  • Karma: 0
I’ll answer your simple question first. The reason why there are two any any is because on an Extended ACL you need both a source and a destination. However if you were using a Simple ACL you would only need to specify one ANY since Simple ACLs only require a source address.

I can also see a problem in your ACL
[code:1]access-list 110 deny tcp <-- Look at the wildcards[/code:1]

What that line is doing is stopping all TCP traffic from network reaching any other network. To make it work the way I think you intended it to be you would need to have your wildcards set to This makes sure that the first 3 octets of the addressed are checked. *Remember that a 0 in a wildcard means check the bit and a 1 means don’t check the bit.

To sum up your ACL would look like this:

[code:1]access-list 110 deny tcp
access-list 110 permit ip any any

Don't forget to apply the ACL to an interface :)
The administrator has disabled public write access.
Time to create page: 0.074 seconds


Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V


  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup