The test of ACL
# show version
Cisco IOS Software, C890 Software (C890-UNIVERSALK9-M), Version 15.4(2)T, RELEASE SOFTWARE (fc1)
#
# show running-config interface vlan 500
Building configuration...
!
interface Vlan500
ip address 192.168.1.254 255.255.255.0
ip access-group 2001 in
ip access-group 2001 out
no ip redirects
no ip proxy-arp
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1414
ipv6 address FE80::D0:3211:1:BEAF link-local
ipv6 address xxxx:xx:xxxx:1::BEAF/64
ipv6 enable
ipv6 mtu 1280
ipv6 nd other-config-flag
ipv6 nd ra interval 5 3
ipv6 dhcp server local-ipv6-dns
ipv6 traffic-filter firewall out
end
#
gw#show access-lists 2001
Extended IP access list 2001
10 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
20 deny icmp any any log (15 matches)
30 permit ip any any (4305 matches)
gw#
gw#ping
Protocol [ip]:
Target IP address: 192.168.1.254
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 192.168.2.254
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.254, timeout is 2 seconds:
Packet sent with a source address of 192.168.2.254
U.U.U
Success rate is 0 percent (0/5)
gw#
gw#show access-lists 2001
Extended IP access list 2001
10 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
20 deny icmp any any log (20 matches)
30 permit ip any any (4542 matches)
gw#