From: Suryakant P (suryakant.pandian@gmail.com)
Date: Mon May 26 2008 - 10:38:05 ART
Hi All,
I have two routers connected to a common ethernet segment.
r1(204.12.1.4)f0/0----f0/1r2(204.12.1.254)
I have configured a reflexive ACL on the r1 router.
interface FastEthernet0/0
 ip address 204.12.1.4 255.255.255.0
 ip access-group inbound in
 ip access-group outbound out
 duplex auto
 speed auto
ip access-list extended inbound
 permit udp any any eq rip
 permit tcp any any eq bgp
 permit tcp any eq bgp any
 permit icmp any any echo-reply
 permit tcp any eq telnet any
 evaluate RETURN
ip access-list extended outbound
 permit icmp any any reflect RETURN
 permit udp any any reflect RETURN
 permit tcp any any reflect RETURN
With this configuration, I was not able to ping r1's own interface.
Rack1R4#ping 204.12.1.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 204.12.1.4, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
Rack1R4#
I understand that a reflexive ACL does not act on the traffic generated by
the router itself. That could be the reason for the ping failure.
ip access-list extended originated
 permit icmp host 204.12.1.4 any
route-map local-traffic permit 10
 match ip address originated
 set interface Loopback0
ip local policy route-map local-traffic
Even with these changes, I was not able to ping 204.12.1.4.
Is this something to do with the way packet reaches that interface or am I
missing anything here?
Thanks
With regards
Suryakant
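
The following is an added example, not part of the original post and not vendor code: a simplified Python model of the "inbound" and "outbound" lists above, showing which packets the static entries and the reflected RETURN entries admit on FastEthernet0/0. The host address 10.0.0.1, the port numbers, and the rule that router-generated traffic skips the outbound list (taken from the poster's stated understanding) are assumptions of the model; entry timeouts and ICMP type matching inside RETURN are not modelled.

```python
from dataclasses import dataclass

RIP, BGP, TELNET = 520, 179, 23  # ports behind the rip/bgp/telnet keywords

@dataclass(frozen=True)
class Packet:
    proto: str            # "icmp", "udp" or "tcp" (the only ones modelled)
    src: str
    dst: str
    sport: int = 0        # unused for ICMP
    dport: int = 0
    icmp_type: str = ""   # "echo" or "echo-reply" for ICMP

class Fa00Acls:
    """Simplified model of the 'inbound' and 'outbound' lists from the post."""
    def __init__(self):
        self.reflected = set()  # temporary entries of the RETURN list

    def outbound(self, p, router_generated=False):
        # Assumption from the post: traffic generated by the router itself
        # is not processed by the outbound list, so nothing is reflected.
        if not router_generated:
            # 'permit <proto> any any reflect RETURN': store the mirrored flow.
            self.reflected.add((p.proto, p.dst, p.src, p.dport, p.sport))
        return True

    def inbound(self, p):
        static = (
            (p.proto == "udp" and p.dport == RIP)
            or (p.proto == "tcp" and (BGP in (p.sport, p.dport) or p.sport == TELNET))
            or (p.proto == "icmp" and p.icmp_type == "echo-reply")
        )
        # 'evaluate RETURN', then the implicit deny at the end of the list.
        return static or (p.proto, p.src, p.dst, p.sport, p.dport) in self.reflected

def demo():
    acl = Fa00Acls()
    host, r1, r2 = "10.0.0.1", "204.12.1.4", "204.12.1.254"  # host is constructed
    acl.outbound(Packet("tcp", host, r2, 40000, 80))                        # transit flow
    acl.outbound(Packet("tcp", r1, r2, 40001, 80), router_generated=True)   # from r1 itself
    return {
        # Reply to the transit flow matches its reflected entry.
        "transit_reply": acl.inbound(Packet("tcp", r2, host, 80, 40000)),
        # Reply to the router's own flow: no entry was ever created.
        "router_reply": acl.inbound(Packet("tcp", r2, r1, 80, 40001)),
        # Router-originated telnet is covered by the static source-port entry.
        "telnet_reply": acl.inbound(Packet("tcp", r2, r1, TELNET, 40002)),
        # An ICMP echo arriving inbound has no static entry and no reflection.
        "echo_in": acl.inbound(Packet("icmp", r2, r1, icmp_type="echo")),
    }
```
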