Re: Ip extended access list

From: clou@xxxxxxxxxxxxxx
Date: Wed Apr 19 2000 - 23:02:20 GMT-3


   

John,

I've tried it and everything seems fine to me.

Topology:
r9 s0 (135.3.34.4) -- s0 r2 e0 -- e0 r3 (135.3.30.2)

! apply ACL 100 out on r2 e0
ip access-group 100 out

! ping
r9#p 135.3.30.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 135.3.30.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/8 ms
r9#
r2#sh access-list
Extended IP access list 100
    permit ip host 135.3.34.4 host 135.3.30.2 log (5 matches)
    deny ip any any log

! telnet
r9#tel 135.3.30.2
Trying 135.3.30.2 ... Open

r3>exit
r2#sh access-l
Extended IP access list 100
    permit ip host 135.3.34.4 host 135.3.30.2 log (22 matches)
    deny ip any any log
r2#
%SEC-6-IPACCESSLOGDP: list 100 permitted icmp 135.3.34.4 -> 135.3.30.2 (0/0), 4 packets
%SEC-6-IPACCESSLOGP: list 100 permitted tcp 135.3.34.4(0) -> 135.3.30.2(0), 16 packets

I would add "log" to the ACL to get the details.

Chi Lou
CCIE# 5795
eB Networks
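
The following is an added example, not part of the original message: a small parser that turns the two ACL log message types shown above (IPACCESSLOGP with ports, IPACCESSLOGDP with ICMP type/code) into per-flow packet totals. The pattern is derived only from the two lines in this message, and the field and function names are assumptions chosen for the example.

```python
import re
from collections import Counter

# Log lines copied from the router output in the message above (wrapped lines rejoined).
SAMPLE = """\
%SEC-6-IPACCESSLOGDP: list 100 permitted icmp 135.3.34.4 -> 135.3.30.2 (0/0), 4 packets
%SEC-6-IPACCESSLOGP: list 100 permitted tcp 135.3.34.4(0) -> 135.3.30.2(0), 16 packets
"""

# IPACCESSLOGP carries "(port)" after each address; IPACCESSLOGDP carries
# "(type/code)" after the destination. Both end with a packet count.
LINE_RE = re.compile(
    r"%SEC-6-IPACCESSLOG(?P<kind>DP|P): list (?P<acl>\S+) "
    r"(?P<action>permitted|denied) (?P<proto>\S+) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)(?:\((?P<sport>\d+)\))? -> "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?:\((?P<dport>\d+)\))?"
    r"(?: \((?P<itype>\d+)/(?P<icode>\d+)\))?, (?P<count>\d+) packets?"
)


def parse_acl_logs(text):
    """Return one dict per ACL log message found in text; other lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.search(line)  # search(), so a syslog timestamp prefix is tolerated
        if not m:
            continue
        rec = m.groupdict()
        for key in ("sport", "dport", "itype", "icode", "count"):
            rec[key] = int(rec[key]) if rec[key] is not None else None
        records.append(rec)
    return records


def packets_by_flow(records):
    """Sum packet counts per (acl, action, proto, src, dst)."""
    totals = Counter()
    for r in records:
        totals[(r["acl"], r["action"], r["proto"], r["src"], r["dst"])] += r["count"]
    return totals


if __name__ == "__main__":
    for flow, pkts in packets_by_flow(parse_acl_logs(SAMPLE)).items():
        print(*flow, pkts)
```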


