RE: Reflexive ACL

From: Brian Dennis (bdennis@internetworkexpert.com)
Date: Sat Feb 12 2005 - 13:39:56 GMT-3


Rack1R1#telnet 1.1.1.1 /route: ?
  Hostname or A.B.C.D Next host in route

Rack1R1#telnet 1.1.1.1 /route:

Or via ping:

Rack1R1#ping
Protocol [ip]:
Target IP address: 1.1.1.1
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface:
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]: l
Source route:

Brian Dennis, CCIE #2210 (R&S/ISP-Dial/Security)
bdennis@internetworkexpert.com
 
Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987
Direct: 775-745-6404 (Outside the US and Canada)

-----Original Message-----
From: simon hart [mailto:simon.hart@btinternet.com]
Sent: Saturday, February 12, 2005 4:52 AM
To: Brian Dennis; John T M; Group Study
Subject: RE: Reflexive ACL

Hi Brian,

I am interested in the source route method. Can you provide an example of
how that is achieved?

Thanks

Simon

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Brian Dennis
Sent: 12 February 2005 05:15
To: John T M; Group Study
Subject: RE: Reflexive ACL

Traffic sourced by the router will not be reflected by the ACL. This is
similar to how an outbound ACL does not affect traffic sourced by the
router (by default). If you want to test your configuration, try
telnetting from a device behind R3.

The common solution to allow someone on R3 to telnet to R1 would be to
statically permit inbound returning telnet traffic. Another solution
would be to policy route the telnet traffic out a loopback (local
policy) and then it will be reflected. One last "off the wall" solution
would be to source route (i.e. bounce) the telnet traffic to a router
behind R3 and then the traffic will be reflected. I demonstrated these
exact scenarios in our Technologies class (IETC-RS) today.

Brian Dennis, CCIE #2210 (R&S/ISP-Dial/Security)
bdennis@internetworkexpert.com

Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987
Direct: 775-745-6404 (Outside the US and Canada)
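The first two fixes described above, written out against John's R3 config as an added example (not configuration from the thread). The interface, ACL and reflexive-list names are John's; the access-list number 100 and the route-map name REFLECT-LOCAL are chosen here, and the `set interface Loopback0` bounce is the assumed way to make router-sourced telnet re-enter forwarding as transit traffic.

```cisco
! Fix 1: statically permit the returning telnet traffic (R1 -> R3, TCP
! source port 23). R3's own telnet session never passes OUTGO on Serial0,
! so no temporary entry is ever created in ALLOW; "established" keeps this
! static hole limited to packets with the ACK/RST bit set (reply direction).
ip access-list extended INCOME
 permit icmp any any echo-reply
 permit udp any any eq rip
 permit tcp any eq telnet any established
 evaluate ALLOW
!
! Fix 2 (use instead of fix 1): local policy routing. Telnet generated by
! R3 itself is first policy routed to Loopback0 (assumed behaviour of the
! loopback bounce); when it is re-forwarded out Serial0 it is handled as
! transit traffic, matches OUTGO and creates the ALLOW entry for the reply,
! so no static inbound permit is needed.
access-list 100 permit tcp any any eq telnet
!
route-map REFLECT-LOCAL permit 10
 match ip address 100
 set interface Loopback0
!
ip local policy route-map REFLECT-LOCAL
```

After applying either fix, `show ip access-list ALLOW` (fix 2) should show the temporary entry while the telnet session from R3 is open; with fix 1 the session works but no reflexive entry is created.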

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
John T M
Sent: Friday, February 11, 2005 8:19 PM
To: Group Study
Subject: Reflexive ACL

I was trying the reflexive ACL, and I am perturbed that it is not working.
Am I missing something here? Here is the config at the routers that I
tried.

R3 (S0) -------- --------------------------------(S0) R1

R3 Config
interface Serial0
 ip address 172.16.0.6 255.255.255.252
 ip access-group INCOME in
 ip access-group OUTGO out
!
interface Loopback0
 ip address 10.0.103.1
!
ip access-list extended INCOME
 permit icmp any any echo-reply
 permit udp any any eq rip
 evaluate ALLOW
ip access-list extended OUTGO
 permit tcp any any reflect ALLOW
 !

I tried without the ACL and I can telnet into R1, but once I put the ACL
on, it doesn't work.

Regds/John



This archive was generated by hypermail 2.1.4 : Thu Mar 03 2005 - 08:51:20 GMT-3