Hi,
Can you paste your CBAC and R2's interface configs?
--
Piotr Matusiak
CCIE #19860 (R&S, SEC)
Technical Instructor
MicronicsTraining.com
�If you can't explain it simply, you don't understand it well enough� -
Albert Einstein
2009/10/27 Divin Mathew John <divinjohn_at_gmail.com>
> I have this topology
>
> r1 ---R2 --- r3
>
> R2 is bridging E0/0[to R1] and E0/1[to R3]. I am using IRB. with
> "Bridge 1 route ip". I assign the BVI with an Ip address from the
> same subnet as R1 and R3. now. i configure CBAC and put it in inbound
> on E0/0 [R2] and an accesslist denying ICMP, IP, on E0/1 R2.
> unfortunately there are no hits on the ACL. and CBAC isn't inspecting
> the ICMP inbound on R2's E0/0. Is it a requirement for them to RUN
> dot1q encapsulation for l2firewall to work? . the connections in my
> diagram, there's no switches involved. hence no trunking?
>
> --
>
> Sent from Karnataka, India
> John Blake - "The world tolerates conceit from those who are
> successful, but not from anybody else." -
> http://www.quotationspage.com/quote/26825.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Wed Oct 28 2009 - 11:01:01 ART