RE: acl basics

From: Aaron Riemer <ariemer_at_amnet.net.au>
Date: Wed, 6 Jul 2011 14:14:12 +0800

Didn't save the config but essentially it looked like this.

access-list 101 permit eigrp any any
!
route-map eigrp-block
match ip address 101
set interface null0
!
ip local policy route-map eigrp-block
!

Let me know what you find. Maybe I can't use set interface null0 for local
policy route map?

Cheers,

-Aaron.

-----Original Message-----
From: Vladimir Osipenko [mailto:tiffolk_at_gmail.com]
Sent: Wednesday, 6 July 2011 1:29 PM
To: Aaron Riemer
Cc: Brian McGahan; Cisco certification
Subject: Re: acl basics

Aaron, are you sure? Show us your config, please.

I googled and found http://betep.wpl.ru/2011/04/do-you-know-what.html

I will check myself later.

On 6 July 2011 04:13, Aaron Riemer <ariemer_at_amnet.net.au> wrote:
> Just tested this now. Local policy routing does not have any impact on any
> locally generated EIGRP packets.
>
> Thanks Brian.
>
>
> Cheers,
>
> -Aaron.
>
> -----Original Message-----
> From: Brian McGahan [mailto:bmcgahan_at_ine.com]
> Sent: Tuesday, 5 July 2011 11:47 PM
> To: Vladimir Osipenko
> Cc: Aaron Riemer; Cisco certification
> Subject: Re: acl basics
>
> Try it and let us know your results.
>
> Brian McGahan, CCIE #8593 (R&S/SP/Security)
> bmcgahan_at_INE.com
>
> Internetwork Expert, Inc.
> http://www.INE.com
>
> On Jul 5, 2011, at 1:47 AM, "Vladimir Osipenko" <tiffolk_at_gmail.com> wrote:
>
>> Won't "ip local policy" block router traffic?
>>
>> On 5 July 2011 09:34, Aaron Riemer <ariemer_at_amnet.net.au> wrote:
>>> Interesting. Thanks guys much appreciated!
>>>
>>> -Aaron.
>>>
>>> -----Original Message-----
>>> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
>>> Brian McGahan
>>> Sent: Tuesday, 5 July 2011 12:41 PM
>>> To: Aaron Riemer
>>> Cc: Cisco certification
>>> Subject: Re: acl basics
>>>
>>> Locally generated packets are not subject to ACLs applied outbound on an
>>> interface. It has to do with the order of operations of the classifier on
>>> the interface. You'd see the same result if you said "deny ip any any" in
>>> your list.
>>>
>>> Local policy routing won't work unless it's a much older IOS version, as
>>> local control plane traffic is not subject to local policy routing anymore.
>>>
>>> The workaround is simply that you have to apply the ACL in on the other
>>> side.
>>>
>>> HTH,
>>>
>>> Brian McGahan, CCIE #8593 (R&S/SP/Security)
>>> bmcgahan_at_INE.com
>>>
>>> Internetwork Expert, Inc.
>>> http://www.INE.com
>>>
>>> On Jul 4, 2011, at 10:52 PM, "Aaron Riemer" <ariemer_at_amnet.net.au> wrote:
>>>
>>>> Hey guys,
>>>>
>>>> I am playing with EIGRP and wanted to mess with some ACLs to verify my
>>>> understanding of the query and reply process.
>>>>
>>>> I have an ACL below on one router where I am hoping to allow eigrp multicast
>>>> packets but deny any unicast.
>>>>
>>>> ip access-list extended block-eigrp
>>>>  permit eigrp any host 224.0.0.10
>>>>  deny eigrp any any
>>>>
>>>> interface serial0/0
>>>>  ip access-group block-eigrp out
>>>>
>>>> This doesn't seem to block router EIGRP unicast packets at all. I have got
>>>> around this by blocking at the other end in the 'in' direction but I am just
>>>> curious as to why this isn't working.
>>>>
>>>> My thoughts are it has something to do with the fact that the traffic is
>>>> originated from the router itself and as such is not subject to the rules of
>>>> the ACL. No matches on the ACL seems to confirm this.
>>>>
>>>> Local policy routing?
>>>>
>>>> Thanks,
>>>>
>>>> -Aaron.
>>>>
>>>> Blogs and organic groups at http://www.ccie.net
>>>>
>>>> _______________________________________________________________________
>>>> Subscription information may be found at:
>>>> http://www.groupstudy.com/list/CCIELab.html

Received on Wed Jul 06 2011 - 14:14:12 ART
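
The workaround named in the thread (apply the ACL inbound on the other side), written out as an added example that is not part of the original messages. The neighbor's interface name serial0/1 and the trailing permit ip any any entry are assumptions made for this sketch; the ACL name and the two EIGRP entries are the ones posted in the thread.

```cisco
! Added example: configuration for the NEIGHBOR of the router in the thread,
! on the interface that faces that router's serial0/0.
! serial0/1 is an assumed interface name.
!
! An inbound ACL sees packets arriving from the wire, so it also sees
! the EIGRP packets that the far-end router generated itself. Per the thread,
! an outbound ACL on the originating router is never applied to those packets.
!
ip access-list extended block-eigrp
 ! EIGRP multicast to 224.0.0.10 is allowed
 permit eigrp any host 224.0.0.10
 ! every other EIGRP packet (the unicast ones) is dropped
 deny eigrp any any
 ! Assumption added here: without this entry the implicit deny at the end
 ! of the list would also drop all non-EIGRP traffic arriving on the link.
 permit ip any any
!
interface serial0/1
 ip access-group block-eigrp in
!
! Verification from exec mode:
!   show ip access-lists block-eigrp
!     (the match counter on the "deny eigrp any any" entry should increase,
!      unlike the outbound ACL in the thread, which showed no matches)
!   show ip eigrp neighbors
```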

This archive was generated by hypermail 2.2.0 : Mon Aug 01 2011 - 06:30:05 ART