From: tim wu (tim_wu@xxxxxxxxxxx)
Date: Mon Sep 10 2001 - 23:10:54 GMT-3
hi,members
I found a phenomenon.I set a echo-reply filter under SJ serial-port0,when I pi
ng the loop0 of SJ from BJ,it's not working,alternative,when I set the same fil
ter under NY serial-port0,it's working.
SJ-----------NY--------------BJ
loop0 s0 s0 s1 s1
SJ
inter s 0
ip access-g 100 out
access-list 100 deny icmp host <SJ_loop0_ip_address> host <BJ_s1_ip_address>
echo-reply
access-list 100 permit ip any any
When I ping loop0 of SJ from BJ, SJ can still echo reply of BJ.
When I set the same filter under NY serial-port0,EACL can filter echo-reply suc
cessfully.
NY
inter s0
ip access-g 100 in
access-list 100 deny icmp host <SJ_loop0_ip_address> host <BJ_s1_ip_address>
echo-reply
access-list 100 permit ip any any
So,I get a result,the filter of echo-reply under SJ serial-port is not useful,t
he filter shall be set under its upstream router.
**Please read:http://www.groupstudy.com/list/posting.html
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:32:16 GMT-3