R2
bridge irb
bridge 1 protocol ieee
bridge 1 route ip
ip inspect name HELLO icmp
!
int fa0/0
 descrip to R1
 ip inspect HELLO in
 bridge-group 1
!
int fa0/1
 desc to R3
 bridge-group 1
 ip access-group ACL in
!
! R1 is 10.0.0.1, R3 is 10.0.0.3
int bvi 1
 ip add 10.0.0.2 255.255.255.0
!
ip access-list exten ACL
 permit eigrp any any
 deny icmp any any log
That's like it. I kinda didn't save the config.
On Wed, Oct 28, 2009 at 3:31 PM, Piotr Matusiak <piotr_at_ccie1.com> wrote:
> Hi,
>
> Can you paste your CBAC and R2's interface configs?
>
> --
> Piotr Matusiak
> CCIE #19860 (R&S, SEC)
> Technical Instructor
> MicronicsTraining.com
>
> If you can't explain it simply, you don't understand it well enough -
> Albert Einstein
>
>
> 2009/10/27 Divin Mathew John <divinjohn_at_gmail.com>
>
>> I have this topology
>>
>> r1 ---R2 --- r3
>>
>> R2 is bridging E0/0 [to R1] and E0/1 [to R3]. I am using IRB, with
>> "Bridge 1 route ip". I assign the BVI an IP address from the
>> same subnet as R1 and R3. Now I configure CBAC and put it inbound
>> on E0/0 [R2] and an access list denying ICMP, IP, on E0/1 R2.
>> Unfortunately there are no hits on the ACL, and CBAC isn't inspecting
>> the ICMP inbound on R2's E0/0. Is it a requirement for them to run
>> dot1q encapsulation for L2 firewall to work? In the connections in my
>> diagram, there are no switches involved, hence no trunking?
>>
>> --
>>
>> Sent from Karnataka, India
>> John Blake - "The world tolerates conceit from those who are
>> successful, but not from anybody else." -
>> http://www.quotationspage.com/quote/26825.html
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
--
Sent from Karnataka, India
Fran Lebowitz <http://www.quotationspage.com/quote/21489.html> - "All God's children are not beautiful. Most of God's children are, in fact, barely presentable."

Received on Wed Oct 28 2009 - 15:35:57 ART
This archive was generated by hypermail 2.2.0 : Sun Nov 01 2009 - 07:51:01 ART