Help reflecxive access list

From: David Deng (glend_99@yahoo.com)
Date: Wed Dec 17 2003 - 23:40:44 GMT-3

• Next message: JamesGEF: "Re: NETMASTER"
• Previous message: Ccie12650@aol.com: "CCIE#12650"
• Next in thread: Richard Davidson: "Re: Help reflecxive access list"
• Maybe reply: Richard Davidson: "Re: Help reflecxive access list"
• Maybe reply: David Deng: "Re: Help reflecxive access list"
• Maybe reply: David Deng: "Re: Help reflecxive access list"
• Maybe reply: Brian McGahan: "RE: Help reflecxive access list"
• Maybe reply: Brian McGahan: "RE: Help reflecxive access list"
• Maybe reply: David Deng: "RE: Help reflecxive access list"
• Maybe reply: David Deng: "RE: Help reflecxive access list"
• Maybe reply: Adel Abushaev: "Re: Help reflecxive access list"
• Maybe reply: Brian McGahan: "RE: Help reflecxive access list"
• Maybe reply: David Deng: "RE: Help reflecxive access list"
• Maybe reply: David Deng: "RE: Help reflecxive access list"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi Group,

I have a question on Reflecxive access list, the
traffic should be able to pass through the middle
router as long as it is initiated from within the
internal network. But I can not achieve the result.

Here is my config and results.
ping from sfp2 to 100.0.0.1 ... no response
ping from DMI to 200.0.0.1 - UUU unreachable

spf2------------g1/0/13--shadow1--g1/0/14-------DMI
    .1 200.0.0.0 .2 .2 100.0.0.0 .1

shadow1#sh ip access-lists
Extended IP access list in10
    10 permit ospf any any reflect test (51 matches)
    20 permit tcp any any reflect test
    30 permit icmp any any reflect test
Extended IP access list out10
    10 evaluate test
Reflexive IP access list test
     permit ospf host 200.0.0.2 eq host 200.0.0.1 (7
matches) (time
left 240)
     permit ospf host 224.0.0.5 eq host 200.0.0.1
(51 matches) (time
left 295)
shadow1#sh run int g1/0/13
Building configuration...

Current configuration : 142 bytes
!
interface GigabitEthernet1/0/13
 no switchport
 ip address 200.0.0.2 255.255.255.0
 ip access-group in10 in
 ip access-group out10 out
end

__________________________________
Do you Yahoo!?
Protect your identity with Yahoo! Mail AddressGuard
http://antispam.yahoo.com/whatsnewfree

• Next message: JamesGEF: "Re: NETMASTER"
• Previous message: Ccie12650@aol.com: "CCIE#12650"
• Next in thread: Richard Davidson: "Re: Help reflecxive access list"
• Maybe reply: Richard Davidson: "Re: Help reflecxive access list"
• Maybe reply: David Deng: "Re: Help reflecxive access list"
• Maybe reply: David Deng: "Re: Help reflecxive access list"
• Maybe reply: Brian McGahan: "RE: Help reflecxive access list"
• Maybe reply: Brian McGahan: "RE: Help reflecxive access list"
• Maybe reply: David Deng: "RE: Help reflecxive access list"
• Maybe reply: David Deng: "RE: Help reflecxive access list"
• Maybe reply: Adel Abushaev: "Re: Help reflecxive access list"
• Maybe reply: Brian McGahan: "RE: Help reflecxive access list"
• Maybe reply: David Deng: "RE: Help reflecxive access list"
• Maybe reply: David Deng: "RE: Help reflecxive access list"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Jan 03 2004 - 08:25:42 GMT-3