3 votes
You have configured ACLs on your router. A partial configuration for the router is shown below:

hostname RouterA
!
interface FastEthernet0/0
 ip address
 speed auto
 duplex auto
!
interface FastEthernet0/1
 ip address
 speed auto
 duplex auto
!
interface Serial0/1/0
 ip address
 encapsulation ppp
 ip access-group 7 in
!
access-list 7 deny
access-list 7 permit ip any any
!

You want to block any traffic received on S0/1/0 that is sent to the host with address . However, you find that traffic sent to this host through that interface is still being allowed.

What should you do?

User CroaToa
by
7.7k points

1 Answer

3 votes

Final answer:

To block traffic to a certain host, you must specify the host's IP address in the ACL 'deny' statement. Add 'access-list 7 deny ip any host 192.168.1.100' before the 'permit ip any any' to effectively block the host.

Step-by-step explanation:

To resolve the issue of traffic still being allowed to the host through the interface S0/1/0 despite applying an Access Control List (ACL), you need to modify the ACL with a specific rule to deny traffic to the intended host's IP address. Currently, the ACL is incomplete as it contains 'access-list 7 deny' with no network specified and then a permit statement that allows all other traffic with 'access-list 7 permit ip any any.'

To block traffic to a specific host, the ACL should include the host's IP address following the deny statement. For example, if the host's IP address is 192.168.1.100, you should add 'access-list 7 deny ip any host 192.168.1.100' before the permit statement. This will deny all traffic to the host 192.168.1.100 and permit all other traffic thereafter.

The corrected ACL configuration would look like this:

  • access-list 7 deny ip any host 192.168.1.100
  • access-list 7 permit ip any any

After updating the ACL, you should apply it to the interface again to activate the new rules.

User Mostafa Hussein
by
8.1k points
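
An added example, not part of the question or the answer above: a simplified first-match evaluator in Python showing that a numbered standard ACL (1-99) compares its address against the packet's source only, while a numbered extended ACL (100-199) can match the destination host. ACL number 107, the source address 203.0.113.5 and the helper names are assumptions made for illustration; 192.168.1.100 is the example address used in the answer.

```python
# Added example: first-match evaluation of numbered IOS ACLs (simplified subset).
# Assumption: only 'any', 'host A.B.C.D' and bare host addresses are handled.

def is_extended(number):
    # IOS numbered ACLs: 1-99 and 1300-1999 are standard,
    # 100-199 and 2000-2699 are extended.
    return 100 <= number <= 199 or 2000 <= number <= 2699

def take_addr(tokens):
    """Consume one address spec; return (address or None for 'any', remaining tokens)."""
    if tokens[0] == "any":
        return None, tokens[1:]
    if tokens[0] == "host":
        return tokens[1], tokens[2:]
    return tokens[0], tokens[1:]          # bare address, as in a standard ACL

def parse(line):
    tok = line.split()
    number, action, rest = int(tok[1]), tok[2], tok[3:]
    if is_extended(number):
        src, rest = take_addr(rest[1:])   # skip the protocol keyword ('ip')
        dst, rest = take_addr(rest)
    else:
        src, rest = take_addr(rest)       # standard ACL: source address only
        dst = None                        # destination is never examined
    return action, src, dst

def evaluate(acl, src, dst):
    """Return 'permit' or 'deny' for a packet; the first matching entry wins."""
    for line in acl:
        action, want_src, want_dst = parse(line)
        if want_src in (None, src) and want_dst in (None, dst):
            return action
    return "deny"                         # implicit deny at the end of every ACL

# Constructed ACLs: the same intent written as a standard and as an extended list.
STANDARD = ["access-list 7 deny 192.168.1.100", "access-list 7 permit any"]
EXTENDED = ["access-list 107 deny ip any host 192.168.1.100",
            "access-list 107 permit ip any any"]

def demo():
    outside, target = "203.0.113.5", "192.168.1.100"   # constructed packet
    return evaluate(STANDARD, outside, target), evaluate(EXTENDED, outside, target)

if __name__ == "__main__":
    print(demo())
```

The standard list only denies packets that come from 192.168.1.100, so inbound traffic addressed to that host falls through to the permit entry.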