AW: matching locally originated traffic with outbound

From: Marijo Bernardic (MBernardic@relianceglobalcom.com)
Date: Mon Nov 24 2008 - 13:43:51 ARST


Hi,

If the task does not really ask for an interface ACL, you could also put an "Access-class" onto your vty lines in the outgoing direction.

Regards
Marijo

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Huan Pham
Sent: Saturday, 22 November 2008 11:42
To: ccielab; Amr
Subject: Re: matching locally originated traffic with outbound access-list

Hi,
 
By default, an outbound ACL does not match traffic generated locally by the
router itself. You can use local policy to route local traffic via
a loopback interface to trick the router, so that it treats the locally
generated traffic the same as traffic transiting the router.
 
Try this:
 
R2#
 
ip local policy route-map LOCAL
!
route-map LOCAL permit 10
 set interface Loopback0
 
 
Cheers,
 

--- On Sat, 11/22/08, Amr <amr.ccie@gmail.com> wrote:

From: Amr <amr.ccie@gmail.com>
Subject: matching locally originated traffic with outbound access-list
To: "ccielab" <ccielab@groupstudy.com>
Date: Saturday, November 22, 2008, 9:16 PM

Dear All,
            My scenario is as follows

R1 (Fa0/1) -------------------- (Fa0/1) R2 (S0/0) ----------------------------- (S0/0/0) R3

I want to deny telnet from R2 to R3 using an outbound access-list applied on
interface S0/0

so how to match on locally originated telnet traffic from R2 toward R3
loopback 0 (3.3.3.3)

Here is the configuration on R2

interface Serial0/0
 ip address 10.1.1.2 255.255.255.0
 ip access-group 150 out
 encapsulation frame-relay
 frame-relay map ip 10.1.23.3 203 broadcast
 no frame-relay inverse-arp

access-list 150 deny tcp any host 3.3.3.3 eq telnet
access-list 150 permit ip any any

By applying the above configuration, telnet traffic from R1 to R3 is denied,
but the telnet traffic originated from R2 toward R3 is permitted

So how to block the telnet traffic originated from R2 toward R3 using the
outbound access-list on R2

Thanks In Advance




This archive was generated by hypermail 2.1.4 : Mon Dec 01 2008 - 08:18:31 ARST
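
The two approaches suggested in this thread, written out as IOS configuration for R2. This is an added example, not configuration posted by any of the participants: the ACL numbers 101 and 10 and the vty range 0 4 are assumptions, and Loopback0 is assumed to already exist on R2 with an IP address.

```cisco
! Added example, not from the thread.
! Assumptions: ACL numbers 101 and 10, vty range 0 4, Loopback0 already configured.
!
! Option 1: local policy routing, as in Huan Pham's reply, with a match clause added.
! A route-map entry without a match clause matches every packet, so the
! version in the reply policy-routes all traffic the router generates.
! Matching on ACL 101 limits the detour through Loopback0 to telnet
! toward 3.3.3.3; once that traffic is treated like transit traffic,
! access-list 150 applied outbound on Serial0/0 can match it.
access-list 101 permit tcp any host 3.3.3.3 eq telnet
!
route-map LOCAL permit 10
 match ip address 101
 set interface Loopback0
!
ip local policy route-map LOCAL
!
! Checks after applying option 1:
!   show ip local policy     (confirms route-map LOCAL is the local policy)
!   show route-map LOCAL     (policy-routing match counters)
!   show access-lists 150    (the deny entry should count matches when
!                             telnet to 3.3.3.3 is attempted from R2)
!
! Option 2: access-class in the outgoing direction, as in Marijo Bernardic's reply.
! With "access-class ... out", the address in a standard ACL is compared
! against the destination of the outgoing session. This only governs
! sessions opened by users logged in on these vty lines, and it is not
! an interface ACL, so it fits only if the task allows that.
access-list 10 deny   3.3.3.3
access-list 10 permit any
!
line vty 0 4
 access-class 10 out
```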