From: nagendra kumar (nagendranainar@yahoo.co.in)
Date: Mon Mar 24 2008 - 02:18:27 ART
Emil,
I guess your config will not affect R2's ping request as the incoming interface for R2 ping packet is f0/1 which doesnt have any ACL configured. You may have to configure the access-group in f0/1 to get things into effect.
Your config will only affect the packets coming through f0/0 interface.
Regards,
Nagendra
YourPal <dearprudence28@gmail.com> wrote: Hi Group,
I thought of this scenario but have no access to my lab routers to test it
at this moment.
Say, R1 has the following config:
!
int fa0/0
ip add 172.16.1.1 255.255.255.0
ip access-gr 100 in
!
int f0/1
ip add 172.16.2.1 255.255.255.0
!
access-list 100 deny icmp any any
access-list 100 permit ip any any
!
Say, R2 pings R1's IP address 172.16.1.1 and the packet enters R1's Fa0/0
interface. And say R1's route to R2 via Fa0/1 interface.
Understand that R1 will send an ICMP Type 3 Unreachable (Administratively
Prohibited code) message back to R2 because its ACL denies the packet. In my
case, I want R1 not to send unreachable messages back to the source. Which
interface should I apply the "no ip unreachables" command? Fa0/0 or Fa0/1?
Thank you.
BR,
Emil
This archive was generated by hypermail 2.1.4 : Tue Apr 01 2008 - 07:53:54 ART