From: Brian McGahan (brian@cyscoexpert.com)
Date: Thu Feb 13 2003 - 02:36:46 GMT-3
Pandora,
Outbound access-lists do not affect locally generated traffic on
the router. However, you can make the router treat locally generated
traffic as transit traffic by using local policy routing. The syntax
would be as follows:
route-map LOCAL_POLICY permit 10
 set interface Loopback0
!
ip local policy route-map LOCAL_POLICY
Run "show access-lists" and you should be able to see the list getting hits
after configuring the policy route.
HTH
Brian McGahan, CCIE #8593
Director of Design and Implementation
brian@cyscoexpert.com
CyscoExpert Corporation
Internetwork Consulting & Training
Toll Free: 866-CyscoXP
Outside US: 847.674.3392
Fax: 847.674.2625
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> pandoraytchan@hotmail.com
> Sent: Wednesday, February 12, 2003 7:58 PM
> To: ccielab@groupstudy.com
> Subject: Access-list problem
>
> Hi all,
>
> R1------R2
>
> R1 config
>
> interface Serial0/1
>  ip address 131.108.2.2 255.255.255.0
>  ip access-group 2 out
>  no ip route-cache
>  no ip mroute-cache
>  clockrate 128000
> !
> !
> access-list 2 deny any log
>
> I found that I can ping R2 even though this access list blocks all
> traffic.
>
> Does access-list 2 block "all" traffic which originates from R1?
>
> Does the access list work like "policy routing", in that it doesn't work
> on packets which originate from the router (unless I use the command
> "local policy")?
>
> Thanks for any help
>
> Pandora
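The reply's workaround combined with the ACL from the question, as an added example that is not part of the original thread: a match clause limits the hairpin through Loopback0 to router-originated ICMP, so other locally generated packets are still forwarded normally and keep bypassing the outbound ACL. ACL number 101 and the Loopback0 address are assumptions made for illustration.

```cisco
! Added example, not from the original thread.
! Outbound filter from the question, applied on Serial0/1.
access-list 2 deny any log
!
interface Serial0/1
 ip address 131.108.2.2 255.255.255.0
 ip access-group 2 out
!
! Assumed: Loopback0 exists and is up (address constructed for this example).
interface Loopback0
 ip address 10.255.255.1 255.255.255.255
!
! Assumed ACL number: selects which locally generated packets get hairpinned.
access-list 101 permit icmp any any
!
route-map LOCAL_POLICY permit 10
 match ip address 101
 set interface Loopback0
!
! Apply the route-map to traffic originated by the router itself.
ip local policy route-map LOCAL_POLICY
!
! Verification from exec mode after a ping from R1 to R2:
!   show ip local policy
!   show route-map LOCAL_POLICY
!   show access-lists 2
```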
This archive was generated by hypermail 2.1.4 : Sat Mar 01 2003 - 11:06:21 GMT-3