Re: ping drops on pinging local interface

Hi jack,
The traffic sourcered from router is not filtered but when this traffic reach the interface and then it send a icmp reply, then it is filtered.
But if you apply this incoming acl to the exit int and you ping to the int directly attached to this one, theb it will work.
Pls confirm if it works,
Br
Robclav

BlackBerry de movistar, allm donde estis esta tu oficin@

-----Original Message-----
From: jack daniels <jckdaniels12_at_gmail.com>

Date: Tue, 23 Jun 2009 12:29:16
To: <ccielab_at_groupstudy.com>
Subject: ping drops on pinging local interface

Ping works on my interface , but when I apply inbound acl on the interface
I can't ping my own interface
But as per I know on the router u apply acl , it doesn't match the router's
locally orignated traffic
so please suggest why it is happening ?

R3#sh run interface fastEthernet 0/0
Building configuration...

Current configuration : 103 bytes
!
interface FastEthernet0/0
 ip address 10.1.37.3 255.255.255.0
 duplex half
 no clns route-cache
end

R3#ping 10.1.37.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.37.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms
R3#cle
R3#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#int fa
R3(config)#int fastEthernet 0/0
R3(config-if)#ip acces
R3(config-if)#ip access-group 101 in
R3(config-if)#^Z
R3#conf t
00:53:38: %SYS-5-CONFIG_I: Configured from console by cping 10.1.37.3
R3#ping 10.1.37.3
R3#ping 10.1.37.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.37.3, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
R3#sh running-config | i access-list 101
access-list 101 deny icmp any host 10.1.37.3
access-list 101 permit ip any any

Blogs and organic groups at http://www.ccie.net
Received on Tue Jun 23 2009 - 07:46:58 ART