Re: ACL

From: Chad Marsh (chad@xxxxxx)
Date: Sat Apr 01 2000 - 15:50:40 GMT-3


   
If you ONLY want to allow ping from R2 to R4, (sourcing from E0 or E1)
all you need is:

R5(config)# access-list 100 permit icmp host <R2 E0 IP> host <R4 S0 IP> echo
R5(config)# access-list 100 permit icmp host <R2 E1 IP> host <R4 S0 IP> echo
R5(config)# int s0
R5(config-if)# ip access-group 100 out

If you want to allow R2 to ping R4, (from E0 or E1) AND allow R4 to ping
R2 (to E0 or E1):

R5(config)# access-list 100 permit icmp host <R2 E0 IP> host <R4 S0 IP> echo
R5(config)# access-list 100 permit icmp host <R2 E1 IP> host <R4 S0 IP> echo
R5(config)# access-list 100 permit icmp host <R2 E0 IP> host <R4 S0 IP> echo-reply
R5(config)# access-list 100 permit icmp host <R2 E1 IP> host <R4 S0 IP> echo-reply
R5(config)# int s0
R5(config-if)# ip access-group 100 out

Chad Marsh
CCIE# 5185

clou@ebnetworks.com wrote:
>
> Maybe you guys have a better idea,
>
> E1 R2 E0 --- E0 R5 S0 (ACL 100 out) --- S0 R4 E0, R4 also has E1
>
> The requirement is to allow ping from R2 to R4. One thing I'm not
> sure is do I need to define 6 entries just to satisfy the
> requirement? e.g.
>
> access-list 100 permit icmp host <R2 E0 IP> host <R4 S0 IP>
> access-list 100 permit icmp host <R2 E0 IP> host <R4 E0 IP>
> access-list 100 permit icmp host <R2 E0 IP> host <R4 E1 IP>
> access-list 100 permit icmp host <R2 E1 IP> host <R4 S0 IP>
> access-list 100 permit icmp host <R2 E1 IP> host <R4 E0 IP>
> access-list 100 permit icmp host <R2 E1 IP> host <R4 E1 IP>
>
> note: R2 E1 can use extended ping to R4
>
> Any suggestion? Thanks.
>
> Chi
>
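
Added example, not part of the original thread: a small first-match model of the extended ACL applied outbound on R5 S0, showing which ICMP packets each rule set lets through and why the echo-reply entries are only needed for pings started from R4. All IP addresses are constructed placeholders, and the model assumes no other ACLs on the path and that R4 sources its pings from S0.

```python
# Added example: first-match evaluation of an extended ACL with the implicit
# deny at the end. All IP addresses below are constructed placeholders.
from typing import NamedTuple, Optional

R2_E0, R2_E1 = "192.0.2.2", "198.51.100.2"      # constructed
R4_S0, R4_E0 = "203.0.113.4", "203.0.113.132"   # constructed

class Ace(NamedTuple):
    src: str
    dst: str
    icmp_type: Optional[str]   # None = no type keyword, matches any ICMP type

class Packet(NamedTuple):
    src: str
    dst: str
    icmp_type: str

def permitted(acl, pkt):
    """Return True if a permit entry matches; otherwise the implicit deny applies."""
    for ace in acl:
        if (ace.src == pkt.src and ace.dst == pkt.dst
                and ace.icmp_type in (None, pkt.icmp_type)):
            return True
    return False

def ping_works(acl, r2_src, r4_dst):
    """Ping from R2 to R4. Only the echo leaves R5 via S0; the echo-reply
    arrives inbound on S0, where an outbound ACL is not consulted."""
    return permitted(acl, Packet(r2_src, r4_dst, "echo"))

def reverse_ping_works(acl, r4_src, r2_dst):
    """Ping from R4 to R2. The echo enters S0 inbound (unfiltered); the
    echo-reply from R2 leaves via S0 and must match the outbound ACL."""
    return permitted(acl, Packet(r2_dst, r4_src, "echo-reply"))

# The two rule sets from the reply, plus one untyped entry as in the question.
ONE_WAY = [Ace(R2_E0, R4_S0, "echo"), Ace(R2_E1, R4_S0, "echo")]
TWO_WAY = ONE_WAY + [Ace(R2_E0, R4_S0, "echo-reply"),
                     Ace(R2_E1, R4_S0, "echo-reply")]
UNTYPED = [Ace(R2_E0, R4_S0, None)]
```
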


