From: Menga, Justin (Justin.Menga@xxxxxxxxxx)
Date: Mon Sep 10 2001 - 23:31:14 GMT-3
Any traffic generated by the router internally (e.g. from Loopback0 on SJ)
is not subject to ACL inspection.
Regards
Justin Menga CCIE #6640
Network Solutions Architect
Wireless & E-Infrastructure
Compaq Computer New Zealand
DDI: +64-9-918-9381 Mobile: +64-21-349-599
mailto: justin.menga@compaq.com
web: http://www.compaq.co.nz
-----Original Message-----
From: tim wu [mailto:tim_wu@gz.ctil.com]
Sent: Tuesday, 11 September 2001 2:11 p.m.
To: ccielab
Subject: about EACL echo-reply filter
Hi, members
I found a phenomenon. I set an echo-reply filter under SJ serial-port0; when I
ping the loop0 of SJ from BJ, it's not working. Alternatively, when I set the
same filter under NY serial-port0, it's working.
SJ-----------NY--------------BJ
loop0 s0 s0 s1 s1
SJ
inter s 0
ip access-g 100 out
access-list 100 deny icmp host <SJ_loop0_ip_address> host <BJ_s1_ip_address> echo-reply
access-list 100 permit ip any any
When I ping loop0 of SJ from BJ, SJ can still send an echo reply to BJ.
When I set the same filter under NY serial-port0, the EACL can filter echo-reply
successfully.
NY
inter s0
ip access-g 100 in
access-list 100 deny icmp host <SJ_loop0_ip_address> host <BJ_s1_ip_address> echo-reply
access-list 100 permit ip any any
So, I get a result: the filter of echo-reply under the SJ serial-port is not
useful; the filter shall be set under its upstream router.
**Please read:http://www.groupstudy.com/list/posting.html
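Added example (not part of the original posts): a small Python model of the behaviour discussed in this thread, run against the ACL from the question. The addresses are constructed stand-ins for the thread's placeholders, the parser handles only the host/any syntax used here, and the rule that router-generated packets skip the outbound ACL is taken from the reply above.

```python
from collections import namedtuple

# Constructed addresses standing in for the thread's placeholders.
SJ_LOOP0 = "10.1.1.1"   # <SJ_loop0_ip_address>
BJ_S1 = "10.3.3.2"      # <BJ_s1_ip_address>
ACL_100 = f"""access-list 100 deny icmp host {SJ_LOOP0} host {BJ_S1} echo-reply
access-list 100 permit ip any any"""
# origin = name of the router that generated the packet
Packet = namedtuple("Packet", "src dst proto icmp_type origin")

def parse_acl(text):
    """Parse the 'host X' / 'any' subset of extended ACL syntax used in the thread."""
    entries = []
    for line in text.splitlines():
        action, proto, *rest = line.split()[2:]    # drop "access-list 100"
        addrs = []
        for _ in range(2):                         # source, then destination
            n = 2 if rest[0] == "host" else 1      # "host X" or "any"
            addrs.append(rest[1] if n == 2 else None)
            rest = rest[n:]
        entries.append((action, proto, *addrs, rest[0] if rest else None))
    return entries

def acl_permits(entries, pkt):
    """First matching entry wins; no match means the implicit deny."""
    for action, proto, src, dst, icmp_type in entries:
        if (proto in ("ip", pkt.proto) and src in (None, pkt.src)
                and dst in (None, pkt.dst) and icmp_type in (None, pkt.icmp_type)):
            return action == "permit"
    return False

def forward(path, pkt):
    """Return the router that drops pkt on a path of (router, acl_in, acl_out) hops, or None."""
    for router, acl_in, acl_out in path:
        if acl_in and not acl_permits(acl_in, pkt):
            return router
        # Per the reply: the outbound ACL is skipped for packets this router generated.
        if acl_out and pkt.origin != router and not acl_permits(acl_out, pkt):
            return router
    return None

ACL = parse_acl(ACL_100)
REPLY = Packet(SJ_LOOP0, BJ_S1, "icmp", "echo-reply", origin="SJ")
ON_SJ_OUT = [("SJ", None, ACL), ("NY", None, None)]   # ip access-group 100 out on SJ s0
ON_NY_IN = [("SJ", None, None), ("NY", ACL, None)]    # ip access-group 100 in on NY s0
print(forward(ON_SJ_OUT, REPLY), forward(ON_NY_IN, REPLY))   # prints: None NY
```

The same ACL applied outbound on SJ does drop a matching packet that merely transits SJ, so the entry itself is correct; only the local origin of the echo reply keeps it from being inspected.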
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:32:16 GMT-3