router bypasses ACL for locally sourced traffic

From: Koen Zeilstra (koen@koenzeilstra.com)
Date: Fri Jun 30 2006 - 09:40:28 ART


Hi Group,

Maybe this has been posted before; however, I could not find any reference.
Perhaps other wording is used to describe this.

What would be the explanation for a router bypassing ACLs applied in the
outgoing direction for locally sourced traffic?

For example:

(R1)e0/0------------e0/0(R2)

R1

int e0/0
  ip access-group ACL out
!

ip access-list ext ACL
  deny tcp any any eq telnet
  permit ip any any
!

Telnetting from R1 to R2 works fine even with the ACL denying outgoing
packets destined for port 23.

thanks,

Koen

-----------------------
You will feel hungry again in another hour.


