Access-list Denying local traffic

From: gladston@br.ibm.com
Date: Thu May 19 2005 - 15:56:13 GMT-3


This router, 12.2T, is blocking locally originated traffic. Isn't it supposed to occur?
From what I have learned, theory and practice, locally originated traffic is not blocked.
But this is even more weird. Access-list is IN eth0/1, and it is blocking traffic from this router OUT eth0/1.
The next two lines are the result of debug ip packet det 101, where 101 specifies origin 142.20.28.2 and destination 224.0.1.1.
The last line is the result of 'deny any any log-input' of access-list 150.

Rack2R2#sh access
May 19 15:49:41: IP: s=142.20.28.2 (local), d=224.0.1.1 (Ethernet0/1), len 76, sending broad/multicast
May 19 15:49:41: UDP src=123, dst=123
May 19 15:49:41: IP: s=142.20.28.2 (Ethernet0/1), d=224.0.1.1, len 76, access denied
May 19 15:49:41: UDP src=123, dst=123

May 19 15:49:45: %SEC-6-IPACCESSLOGP: list 150 denied udp 142.20.28.2(123) (Ethernet0/1 0030.94d8.e9a1) -> 224.0.1.1(123), 3 packets

Rack2R2#sh run int e 0/1
Building configuration...

Current configuration : 239 bytes
!
interface Ethernet0/1
 ip address 142.20.28.2 255.255.255.0
 ip access-group 150 in
 ip pim sparse-dense-mode
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 cisco
 half-duplex
 ntp broadcast
 ntp multicast
end

Rack2R2#sh access-list 150
Extended IP access list 150
    10 permit tcp 142.20.28.0 0.0.0.255 host 142.20.28.2 eq telnet (45 matches)
    20 Dynamic Dynamic permit ip 142.20.28.0 0.0.0.255 any
    30 permit igmp any any (64 matches)
    40 permit ospf any any (223 matches)
    50 permit udp 142.20.28.0 0.0.0.255 host 142.20.2.1 eq ntp (15 matches)
    60 permit udp 142.20.28.0 0.0.0.255 host 142.20.28.2 eq ntp
    70 permit pim any any (81 matches)
    80 permit tcp host 142.20.28.8 host 142.20.28.2 eq bgp (70 matches)
    90 permit icmp 142.20.28.0 0.0.0.255 any echo (15 matches)
    100 permit icmp 142.20.28.0 0.0.0.255 any echo-reply
    110 permit icmp host 142.20.8.1 any echo-reply (5 matches)
    120 deny ip any any log-input (28 matches)
Rack2R2#
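
The following is an added example, not part of the original post: a minimal first-match evaluator run over the list 150 entries shown above, to see which entry the logged NTP multicast packet (udp 142.20.28.2:123 -> 224.0.1.1:123) lands on. It assumes the Dynamic (lock-and-key) entry at sequence 20 is inactive and handles only the ACE forms that appear in this list; the function names are hypothetical.

```python
import ipaddress

# Entries copied from the 'sh access-list 150' output in the post (match counters dropped).
ACL_150 = """\
10 permit tcp 142.20.28.0 0.0.0.255 host 142.20.28.2 eq telnet
20 Dynamic Dynamic permit ip 142.20.28.0 0.0.0.255 any
30 permit igmp any any
40 permit ospf any any
50 permit udp 142.20.28.0 0.0.0.255 host 142.20.2.1 eq ntp
60 permit udp 142.20.28.0 0.0.0.255 host 142.20.28.2 eq ntp
70 permit pim any any
80 permit tcp host 142.20.28.8 host 142.20.28.2 eq bgp
90 permit icmp 142.20.28.0 0.0.0.255 any echo
100 permit icmp 142.20.28.0 0.0.0.255 any echo-reply
110 permit icmp host 142.20.8.1 any echo-reply
120 deny ip any any log-input
"""
PORTS = {"telnet": 23, "ntp": 123, "bgp": 179}

def take_addr(tok):
    """Consume one address spec from tok; return (base, wildcard) as ints."""
    first = tok.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(ipaddress.IPv4Address(tok.pop(0))), 0
    return int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(tok.pop(0)))

def addr_match(ip, spec):
    care = ~spec[1] & 0xFFFFFFFF  # wildcard bits set to 1 are "don't care"
    return int(ipaddress.IPv4Address(ip)) & care == spec[0] & care

def first_match(acl_text, proto, src, dst, dport=None, icmp_type=None):
    """Return (sequence, action) of the first matching entry, or the implicit deny."""
    for line in acl_text.splitlines():
        seq, action, ace_proto, *rest = line.split()
        if action == "Dynamic":  # assumption: no lock-and-key session is open
            continue
        src_spec, dst_spec = take_addr(rest), take_addr(rest)
        if ace_proto not in ("ip", proto) or not addr_match(src, src_spec):
            continue
        if not addr_match(dst, dst_spec):
            continue
        if rest[:1] == ["eq"] and PORTS[rest[1]] != dport:
            continue
        if rest[:1] in (["echo"], ["echo-reply"]) and rest[0] != icmp_type:
            continue
        return int(seq), action
    return None, "deny"

# The packet from the %SEC-6-IPACCESSLOGP line in the post.
print(first_match(ACL_150, "udp", "142.20.28.2", "224.0.1.1", dport=123))
```

Entries 50 and 60 permit NTP only toward the unicast hosts 142.20.2.1 and 142.20.28.2, so a packet addressed to 224.0.1.1 matches nothing before entry 120.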


