Re: local sourced traffic no matching out bound ACL?

From: Danny Andaluz (dannyandaluz@comcast.net)
Date: Sat Apr 05 2003 - 00:17:00 GMT-3


I'm seeing something similar. However, I think the deny ip any any does not
apply to ospf or any routing protocol. You need this line, I believe:
access-list 101 deny ospf any any

However I just ran this test in my lab and I noticed that when you configure
the list inbound on the ethernet, it works as expected. You can't even ping
yourself. Outbound, it's like it's not even there. Very strange. An
explanation for this would be great.

My setup:

access-list 100 deny ip any any (on 2500 applied to ethernet out)

2500 router connected to a 3550

router e0 ip 10.10.10.1/24
3550 int vlan1 ip 10.10.10.2/24

I even tried configuring a loopback on the 2500 and sourcing the ping from
there and it still worked with the list applied outbound.

----- Original Message -----
From: "Richard Davidson" <rich@myhomemail.net>
To: "groupstudy" <ccielab@groupstudy.com>
Sent: Friday, April 04, 2003 7:47 PM
Subject: local sourced traffic no matching out bound ACL?

> If I have an access-list on E0 that denies all traffic
> out and the router has an adjacency with a neighboring
> ospf router, how does this route stay up? This router
> can still ping neighboring devices out of the E0
> interface. Does the router not follow the interface
> access-list rule? I think it does. What do I do to
> get the router to follow the rules of the access-list.
> Any link or explanation would help.
>
> Thanks All.
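
The behaviour both posts describe is documented IOS behaviour rather than a broken list: an outbound access-group on an interface is applied to packets the router forwards out of that interface, not to packets the router originates itself (its own pings, including ones sourced from a loopback, and its own OSPF hellos). An inbound list, by contrast, is applied to everything that arrives on the interface, including the neighbour's hellos and the echo replies to your pings, which is why the adjacency drops and the pings fail in the inbound test. The fragment below is an added example, not configuration from either poster; it rebuilds the 2500 side of the lab from the addresses given in the thread, adds the "log" keyword and the match counters as a way to see which direction actually inspects the traffic, and assumes OSPF process 1, area 0 and the Loopback0 address 192.168.1.1, none of which appear in the original post.

```cisco
! Added example (not from the original post). Interface names and the
! 10.10.10.0/24 addresses are from the thread; the OSPF process/area and the
! Loopback0 address are assumed for illustration.
!
! --- Case 1: the list applied OUTBOUND on e0 -------------------------------
! "log" makes every denied packet increment the counter and emit a syslog
! line, so you can tell whether the list is consulted at all.
access-list 100 deny ip any any log
!
interface Ethernet0
 ip address 10.10.10.1 255.255.255.0
 ip access-group 100 out
!
interface Loopback0
 ip address 192.168.1.1 255.255.255.255
!
router ospf 1
 network 10.10.10.0 0.0.0.255 area 0
!
! Check (exec mode):
!   ping 10.10.10.2                         <- succeeds
!   extended ping to 10.10.10.2, source 192.168.1.1   <- also succeeds
!   show ip ospf neighbor                   <- 10.10.10.2 stays FULL
!   show access-lists 100
!     "deny ip any any log (0 matches)"
! Router-generated traffic never touches the outbound list; the counter only
! moves for transit packets, i.e. ones that arrived on another interface and
! are being forwarded out e0.
!
! --- Case 2: the same list applied INBOUND on e0 ---------------------------
interface Ethernet0
 no ip access-group 100 out
 ip access-group 100 in
!
! Check (exec mode):
!   ping 10.10.10.2                         <- fails: the echo replies are
!                                              dropped on arrival
!   show ip ospf neighbor                   <- neighbour ages out once the
!                                              3550's hellos are denied
!   show access-lists 100                   <- match count increments
!   show logging                            <- %SEC-6-IPACCESSLOGDP (ICMP) and
!                                              %SEC-6-IPACCESSLOGNP (OSPF, IP
!                                              protocol 89) entries for the
!                                              denied packets
```

The practical consequence for the lab: an outbound list on E0 is not a control on what this router itself sends out of E0. To restrict the router's own traffic you have to filter it where it is received (an inbound list on the neighbour, or an inbound list on this router for the return traffic), and "deny ospf any any" in the outbound list changes nothing for the same reason.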



This archive was generated by hypermail 2.1.4 : Thu May 01 2003 - 13:35:46 GMT-3