Reflexive Access List

From: Charles T. Alexander (charles.t.alexander@verizon.net)
Date: Fri Sep 05 2003 - 08:37:36 GMT-3

• Next message: Charles Church: "RE: duplexing problem"
• Previous message: Weidong Xiao: "RE: Memory leak??"
• Next in thread: Brian Dennis: "RE: Reflexive Access List"
• Maybe reply: Brian Dennis: "RE: Reflexive Access List"
• Maybe reply: Roberts, Larry: "RE: Reflexive Access List"
• Maybe reply: Snow, Tim: "RE: Reflexive Access List"
• Maybe reply: Brian Dennis: "RE: Reflexive Access List"
• Maybe reply: navaid@rogers.com: "Re: Reflexive Access List"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Having trouble with a reflexive access list. Can not telnet from r2 to
r1 which is connected on e0 of r2.

r2#r
Building configuration...

Current configuration : 4671 bytes
!
version 12.2
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname r2
!
logging buffered 10000 debugging
logging rate-limit console 10 except errors
enable password radnor
!
username r5 password 0 ctasta
ip subnet-zero
no ip finger
no ip domain-lookup
!
no ip dhcp-client network-discovery
isdn switch-type basic-ni
!
!
!
!
interface Loopback0
 ip address 192.168.2.2 255.255.255.255
!
interface Ethernet0
 ip address 172.29.12.2 255.255.255.192
 ip access-group untrusted in
 ip access-group trusted out
!
interface Serial0
 no ip address
 encapsulation frame-relay
 frame-relay lmi-type ansi
!
interface Serial0.4 point-to-point
 ip address 172.29.24.2 255.255.255.0
 frame-relay interface-dlci 104
!
interface Serial0.56 multipoint
 ip address 172.29.100.2 255.255.255.248
 ip ospf message-digest-key 1 md5 ctasta
 frame-relay map ip 172.29.100.2 105
 frame-relay map ip 172.29.100.5 105 broadcast
 frame-relay map ip 172.29.100.6 106 broadcast
!
interface Serial1
 no ip address
 shutdown
!
interface BRI0
 ip address 172.29.25.2 255.255.255.0
 encapsulation ppp
 ip ospf demand-circuit
 shutdown
 dialer map ip 172.29.25.5 name r5 4082222222
 dialer-group 1
 isdn switch-type basic-ni
 isdn spid1 40811111111
 isdn spid2 40811111112
 cdapi buffers regular 0
 cdapi buffers raw 0
 cdapi buffers large 0
 no cdp enable
 ppp authentication chap
 ppp chap hostname r2x
!
router ospf 1
 router-id 192.168.2.2
 log-adjacency-changes
 area 0 authentication message-digest
 area 0 range 172.29.100.0 255.255.255.0
 area 0 range 172.29.200.0 255.255.255.0
 area 12 range 172.29.12.0 255.255.255.0
 area 12 virtual-link 192.168.1.1 message-digest-key 1 md5 ctasta
 summary-address 172.29.24.0 255.255.255.0
 redistribute connected subnets route-map c2o
 redistribute rip metric 100 subnets route-map r2o
 network 172.29.12.0 0.0.0.63 area 12
 network 172.29.25.0 0.0.0.255 area 0
 network 172.29.100.0 0.0.0.7 area 0
 network 192.168.2.2 0.0.0.0 area 2
 neighbor 172.29.100.6
 neighbor 172.29.100.5
 distance ospf inter-area 112 external 114
!
router rip
 redistribute connected metric 2
 redistribute ospf 1 metric 4 route-map o2r
 passive-interface BRI0
 passive-interface Ethernet0
 passive-interface Loopback0
 passive-interface Serial0.56
 network 172.29.0.0
 distribute-list 4 out Serial0.4
 distance 105
!
router bgp 12
 no synchronization
 bgp log-neighbor-changes
 neighbor 192.168.1.1 remote-as 12
 neighbor 192.168.1.1 update-source Loopback0
 neighbor 192.168.5.5 remote-as 5
 neighbor 192.168.5.5 ebgp-multihop 5
 neighbor 192.168.5.5 update-source Loopback0
 neighbor 192.168.5.5 send-community
 neighbor 192.168.5.5 route-map tor5 out
 neighbor 192.168.6.6 remote-as 6
 neighbor 192.168.6.6 ebgp-multihop 5
 neighbor 192.168.6.6 update-source Loopback0
 neighbor 192.168.6.6 send-community
 neighbor 192.168.6.6 route-map tor6 out
 no auto-summary
!
ip kerberos source-interface any
ip classless
ip http server
!
!
ip access-list extended trusted
 permit tcp any any reflect tcp-sessions
ip access-list extended untrusted
 permit ospf any any
 permit tcp any any eq bgp
 evaluate tcp-sessions
access-list 1 permit 172.29.40.0 0.0.0.255
access-list 1 permit 192.168.4.0 0.0.0.255
access-list 2 permit 172.29.24.0 0.0.0.255
access-list 4 deny 172.29.25.0 0.0.0.255
access-list 4 permit any
access-list 11 permit 10.12.1.0 0.0.0.255
access-list 12 permit 10.12.2.0 0.0.0.255
access-list 13 permit 10.12.3.0 0.0.0.255
access-list 101 deny ip any host 224.0.0.5
access-list 101 deny ip any host 224.0.0.6
access-list 101 permit ip any any
dialer-list 1 protocol ip list 101
route-map c2r permit 10
 match ip address 3
!
route-map r2o permit 10
 match ip address 1
!
route-map o2r permit 10
 match ip address 4
!
route-map c2o permit 10
 match ip address 2
!
route-map tor5 permit 10
 match ip address 11
 set as-path prepend 100
!
route-map tor5 permit 20
 match ip address 12
 set as-path prepend 100 200
!
route-map tor5 permit 30
 match ip address 13
 set metric 275
!
route-map tor5 permit 40
!
route-map tor6 deny 10
 match ip address 11
!
route-map tor6 permit 20
 match ip address 12
 set as-path prepend 1200
!
route-map tor6 permit 30
 match ip address 13
 set community no-export
!
route-map tor6 permit 40
!
!
alias exec i show ip route
alias exec r show run
alias exec c config t
alias exec u undebug all
alias exec b show ip bgp
alias exec bs show ip bgp sum
alias exec s show ip int brief
!
line con 0
 exec-timeout 0 0
 logging synchronous
 transport input none
 escape-character 27
line aux 0
line vty 0 4
 exec-timeout 0 0
 password bp
 login
!
end

r2#

• Next message: Charles Church: "RE: duplexing problem"
• Previous message: Weidong Xiao: "RE: Memory leak??"
• Next in thread: Brian Dennis: "RE: Reflexive Access List"
• Maybe reply: Brian Dennis: "RE: Reflexive Access List"
• Maybe reply: Roberts, Larry: "RE: Reflexive Access List"
• Maybe reply: Snow, Tim: "RE: Reflexive Access List"
• Maybe reply: Brian Dennis: "RE: Reflexive Access List"
• Maybe reply: navaid@rogers.com: "Re: Reflexive Access List"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Wed Oct 01 2003 - 07:24:23 GMT-3