Re: NOT ABLE TO PING ROUTER OWN INTERFACE IP

From: Brian Dennis (bdennis@internetworkexpert.com)
Date: Tue Jul 31 2007 - 16:12:59 ART

• Next message: Victor Cappuccio: "RE: BGP route not showing synchronize"
• Previous message: Brad Ellis: "RE: reread pass chances"
• Maybe in reply to: NITIN NITIN: "NOT ABLE TO PING ROUTER OWN INTERFACE IP"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

If you ping yourself the ICMP echo is being transmitted onto the
Ethernet network. Then when you try to receive the ICMP echo that
you sent your inbound ACL is denying it. When pinging yourself you
are the sending an ICMP echo, receiving an ICMP echo, sending an ICMP
echo reply and finally receiving the ICMP echo reply.

Brian Dennis, CCIE4 #2210 (R&S/ISP-Dial/Security/SP)
bdennis@internetworkexpert.com

Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987
Direct: 775-745-6404 (Outside the US and Canada)

On Jul 31, 2007, at 11:20 AM, NITIN NITIN wrote:

> Hi Experts,
> I have these ACL applied on int and cant ping my own ip why ?????
> although inbound icmp echo is denied ....... icmp echo-reply is
> permit
>
> Rack1R4#sh access-lists R3-in
> Extended IP access list R3-in
> 10 deny icmp any any echo (48 matches)
> 20 permit ip any any (1946 matches)
> Rack1R4#sh access-lists R3-out
> Extended IP access list R3-out
> 10 deny icmp any any time-exceeded log
> 20 deny icmp any any port-unreachable log
> 30 permit ip any any
> Rack1R4#ping 204.12.1.254
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 204.12.1.254, timeout is 2 seconds:
> !!!!!
> Success rate is 100 percent (5/5), round-trip min/avg/max =
> 60/77/100 ms
> Rack1R4#ping 204.12.1.4
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 204.12.1.4, timeout is 2 seconds:
> .....
> Success rate is 0 percent (0/5)
> Rack1R4#sh access-lists R3-in
> Extended IP access list R3-in
> 10 deny icmp any any echo (53 matches)
> 20 permit ip any any (1981 matches)
> Regards
>
>
> ---------------------------------
> Shape Yahoo! in your own image. Join our Network Research Panel
> today!
>
> ______________________________________________________________________
> _
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Victor Cappuccio: "RE: BGP route not showing synchronize"
• Previous message: Brad Ellis: "RE: reread pass chances"
• Maybe in reply to: NITIN NITIN: "NOT ABLE TO PING ROUTER OWN INTERFACE IP"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Aug 18 2007 - 08:17:42 ART