RE: Deny traffic from router itself

From: Jörg Buesink (buesink@fma.nl)
Date: Fri Jan 20 2006 - 11:57:26 GMT-3


It's possible on a 12000 series router (ip receive ACL).
But I don't think you'll find 12000s in the lab ;-)

With kind regards,

Jörg Buesink
CCIE#15032

________________________________

From: nobody@groupstudy.com on behalf of Gustavo Novais
Sent: Fri 20-1-2006 15:22
To: Popgeorgiev Nikolay; ccielab@groupstudy.com
Subject: RE: Deny traffic from router itself

Yes it does :) You probably weren't doing the test from a vty. Try
applying it to line con 0 also.

User Access Verification

Password:
Password:
Rack1R3>ena
Password:
Rack1R3#telnet 183.1.0.4
Trying 183.1.0.4 ...
% Connections to that host not permitted from this terminal
Rack1R3#ping 183.1.0.4

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 183.1.0.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/16/16 ms
Rack1R3#sh run | b line
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
line vty 0 4
 access-class 23 out
 password cisco
 login
line vty 5
 access-class 23 out
 login
!
!
end

Rack1R3#sh access-list 23
Standard IP access list 23
    10 deny 183.1.0.4 (1 match)
    20 permit any
Rack1R3#

Gustavo Novais

-----Original Message-----
From: Popgeorgiev Nikolay [mailto:nikolay.popgeorgiev@siemens.com]
Sent: Friday, 20 January 2006 13:54
To: Gustavo Novais; Popgeorgiev Nikolay; ccielab@groupstudy.com
Subject: RE: Deny traffic from router itself

Gustavo,

I already tried this; it doesn't work.

Nick

-----Original Message-----
From: Gustavo Novais [mailto:gustavo.novais@novabase.pt]
Sent: Friday, January 20, 2006 3:40 PM
To: Popgeorgiev Nikolay; ccielab@groupstudy.com
Subject: RE: Deny traffic from router itself

You can try an access-class out on the line vty's. That will limit the
destinations to which you may telnet.

Gustavo Novais

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Popgeorgiev Nikolay
Sent: Friday, 20 January 2006 12:59
To: ccielab@groupstudy.com
Subject: Deny traffic from router itself

Hello people,

I have a question: is it possible with an ACL to deny packets from the
router itself? For example, I want to stop a user connected to the router
from making a telnet connection to another router, but not with the transport
output command on the line interface, and without a route-map.

thanks !

best,
Nick
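
Added example, not part of the original thread: a Python check that parses the `line` sections of a running-config and lists those with no outbound `access-class`, the gap that shows up above when the test is run from the console instead of a vty. The sample config is constructed from the `sh run | b line` output in the thread; the function names are hypothetical.

```python
import re

# Constructed sample, modelled on the "sh run | b line" output in the thread.
SAMPLE_CONFIG = """\
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
line vty 0 4
 access-class 23 out
 password cisco
 login
line vty 5
 access-class 23 out
 login
!
end
"""

LINE_HDR = re.compile(r"^line\s+(\S+(?:\s+\d+)*)\s*$")
ACL_OUT = re.compile(r"^\s+access-class\s+(\S+)\s+out\b")


def outbound_acl_by_line(config: str) -> dict:
    """Map each 'line ...' section to its outbound access-class, or None."""
    result, current = {}, None
    for raw in config.splitlines():
        hdr = LINE_HDR.match(raw)
        if hdr:
            current = "line " + hdr.group(1)
            result[current] = None
        elif current and raw.startswith(" "):
            acl = ACL_OUT.match(raw)
            if acl:
                result[current] = acl.group(1)
        else:
            current = None  # '!' or any unindented line ends the section
    return result


def unrestricted_lines(config: str) -> list:
    """Line sections with no 'access-class ... out' configured."""
    return [n for n, acl in outbound_acl_by_line(config).items() if acl is None]


if __name__ == "__main__":
    for name in unrestricted_lines(SAMPLE_CONFIG):
        print(f"{name}: no 'access-class <acl> out'")
```

On the sample it reports `line con 0` and `line aux 0`; it looks only at `access-class ... out` and does not consider other per-line restrictions such as `transport output`.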


