Re: Layer 2 Firewall [transparent Firewalls]

From: Divin Mathew John <divinjohn_at_gmail.com>
Date: Wed, 28 Oct 2009 00:40:11 +0530

http://www.cisco.com/en/US/docs/ios/sec_data_plane/configuration/guide/sec_trans_ios_fwall_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1052681

They do it on the Fa0/0 interface there!

On Wed, Oct 28, 2009 at 12:38 AM, eseosa <eseosa.ehiwe_at_gmail.com> wrote:
> The CBAC inspection rule should be applied on the BVI for layer 2 IOS firewall.
>
> On 10/27/09, Divin Mathew John <divinjohn_at_gmail.com> wrote:
>> I have this topology
>>
>> r1 ---R2 --- r3
>>
>> R2 is bridging E0/0 [to R1] and E0/1 [to R3]. I am using IRB with
>> "Bridge 1 route ip". I assign the BVI an IP address from the
>> same subnet as R1 and R3. Now I configure CBAC and put it inbound
>> on E0/0 [R2], and an access list denying ICMP, IP, on E0/1 R2.
>> Unfortunately there are no hits on the ACL, and CBAC isn't inspecting
>> the ICMP inbound on R2's E0/0. Is it a requirement for them to run
>> dot1q encapsulation for the L2 firewall to work? In the connections in my
>> diagram, there are no switches involved, hence no trunking?
>>
>> --
>>
>> Sent from Karnataka, India
>> John Blake - "The world tolerates conceit from those who are
>> successful, but not from anybody else." -
>> http://www.quotationspage.com/quote/26825.html
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>
>
> --
> Warm Regards,
>
> Eseosa
> CCIE#23782
>

-- 
Sent from Karnataka, India
Dale Carnegie  - "Any fool can criticize, condemn, and complain - and
most fools do." - http://www.quotationspage.com/quote/765.html
Received on Wed Oct 28 2009 - 00:40:11 ART
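
The setup described in this thread, written out as IOS configuration with the inspection rule on the bridged physical interface, as in the Cisco guide linked in the reply. This is an added example, not configuration posted by either participant; the rule name L2FW, ACL number 101, the inbound direction of the ACL and the 192.0.2.2/24 BVI address are assumptions.

```cisco
! Constructed example. L2FW, ACL 101 and 192.0.2.2/24 are assumed values.
!
! CBAC rule that inspects ICMP
ip inspect name L2FW icmp
!
! Integrated routing and bridging, one bridge group, IP routed via the BVI
bridge irb
bridge 1 protocol ieee
bridge 1 route ip
!
! Deny IP (ICMP included) arriving from the R3 side. CBAC adds temporary
! openings to this ACL for replies to sessions it inspected on E0/0.
access-list 101 deny ip any any
!
interface Ethernet0/0
 description to R1
 no ip address
 bridge-group 1
 ip inspect L2FW in
!
interface Ethernet0/1
 description to R3
 no ip address
 bridge-group 1
 ip access-group 101 in
!
! Management address in the same subnet as R1 and R3 (assumed value)
interface BVI1
 ip address 192.0.2.2 255.255.255.0
```

After a ping from R1 to R3, `show ip inspect sessions` and `show access-lists 101` on R2 show whether the bridged traffic reached the inspection rule and the ACL.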
