Re: Reflexive ACL

From: Suryakant P (suryakant.pandian@gmail.com)
Date: Mon May 26 2008 - 12:47:14 ART


Yes Shawn. I am able to ping without the ACL.

On 5/26/08, Shawn Zandi <szmetal@gmail.com> wrote:
>
> You're pinging from R4? Wrong router! You've been able to ping before ACL?
>
> On Mon, May 26, 2008 at 5:38 PM, Suryakant P <suryakant.pandian@gmail.com>
> wrote:
>
>> Hi All,
>>
>> I have two routers connected to a common Ethernet segment.
>>
>> r1(204.12.1.4)f0/0----f0/1r2(204.12.1.254)
>>
>> I have configured a reflexive ACL on the r1 router.
>>
>> interface FastEthernet0/0
>> ip address 204.12.1.4 255.255.255.0
>> ip access-group inbound in
>> ip access-group outbound out
>> duplex auto
>> speed auto
>>
>> ip access-list extended inbound
>> permit udp any any eq rip
>> permit tcp any any eq bgp
>> permit tcp any eq bgp any
>> permit icmp any any echo-reply
>> permit tcp any eq telnet any
>> evaluate RETURN
>> ip access-list extended outbound
>> permit icmp any any reflect RETURN
>> permit udp any any reflect RETURN
>> permit tcp any any reflect RETURN
>>
>> With this configuration, I was not able to ping r1's own interface.
>>
>> Rack1R4#ping 204.12.1.4
>>
>> Type escape sequence to abort.
>> Sending 5, 100-byte ICMP Echos to 204.12.1.4, timeout is 2 seconds:
>> .....
>> Success rate is 0 percent (0/5)
>> Rack1R4#


