From: Richard Davidson (rich@myhomemail.net)
Date: Thu Dec 18 2003 - 01:18:27 GMT-3
try:
show access-list test
--- David Deng <glend_99@yahoo.com> wrote:
> Hi Group,
>
> I have a question on Reflecxive access list, the
> traffic should be able to pass through the middle
> router as long as it is initiated from within the
> internal network. But I can not achieve the result.
>
> Here is my config and results.
> ping from sfp2 to 100.0.0.1 ... no response
> ping from DMI to 200.0.0.1 - UUU unreachable
>
> spf2------------g1/0/13--shadow1--g1/0/14-------DMI
> .1 200.0.0.0 .2 .2 100.0.0.0 .1
>
> shadow1#sh ip access-lists
> Extended IP access list in10
> 10 permit ospf any any reflect test (51 matches)
> 20 permit tcp any any reflect test
> 30 permit icmp any any reflect test
> Extended IP access list out10
> 10 evaluate test
> Reflexive IP access list test
> permit ospf host 200.0.0.2 eq host 200.0.0.1
> (7
> matches) (time
> left 240)
> permit ospf host 224.0.0.5 eq host 200.0.0.1
> (51 matches) (time
> left 295)
> shadow1#sh run int g1/0/13
> Building configuration...
>
> Current configuration : 142 bytes
> !
> interface GigabitEthernet1/0/13
> no switchport
> ip address 200.0.0.2 255.255.255.0
> ip access-group in10 in
> ip access-group out10 out
> end
>
>
>
> __________________________________
> Do you Yahoo!?
> Protect your identity with Yahoo! Mail AddressGuard
> http://antispam.yahoo.com/whatsnewfree
>
>
This archive was generated by hypermail 2.1.4 : Sat Jan 03 2004 - 08:25:42 GMT-3