Telnet access outbound on VTY ports not sidestepped by local

From: Peter Dervan <petesccie_at_gmail.com>
Date: Sun, 19 Aug 2012 14:02:02 +0100

Hi guys,
Very small question regarding applying local PBR to a router. I have
seen (& tested) that if you want to test, for example, reflexive ACLs
on a router, using traffic generated by the router... one way to get
this working is to set up a PBR matching all traffic, & send it to a
loopback interface. I think we have all seen this "trick" before for
various testing of security services etc. (I think the same applies to ip
inspect etc.?).
My question is relating this trick/tactic to restricting telnet traffic
outbound under the VTY lines using "access-class 23 out" for example. I
know this command only usually applies to telnet traffic that is
initiated from a user who is telnetted into the router. I tried getting
around this by using the PBR "trick" mentioned already, and it did not
work. My telnet traffic was not affected by the ACL in place. Can anyone
explain why this didn't work? I'm sure it's probably very simple, but I
was expecting the access-class command to take effect once I enabled a
local PBR and bounced traffic to a loopback first.

Any words of wisdom much appreciated as usual...

Pete (Ireland)
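The two pieces of configuration the post compares, written out as a constructed IOS lab snippet (an added example, not the poster's own config; the ACL numbers, route-map name, loopback address and the 192.0.2.0/24 range are assumptions). The comments mark where each feature is enforced: the local policy route-map acts on router-originated traffic in the forwarding path, while access-class is evaluated by the line the session runs on.

```cisco
! Constructed lab snippet (added example). ACL 101 matches everything so
! that local PBR catches all router-originated traffic.
access-list 101 permit ip any any
!
! The "trick": local PBR steers router-generated packets to a loopback
! first, so interface-level features applied there (reflexive ACLs,
! ip inspect) see the traffic as if it had entered through an interface.
route-map LOCAL-PBR permit 10
 match ip address 101
 set interface Loopback0
!
interface Loopback0
 ip address 10.255.255.1 255.255.255.255
!
ip local policy route-map LOCAL-PBR
!
! access-class is a line feature, not an interface feature. "out" limits
! the destinations a user logged in on that VTY line may telnet to; it is
! checked per session by the line and is not in the forwarding path, so
! local PBR to a loopback does not make it apply to router-originated
! telnet (e.g. from the console).
access-list 23 deny   192.0.2.0 0.0.0.255
access-list 23 permit any
!
line vty 0 4
 access-class 23 out
```

A telnet started from a session on vty 0 to 192.0.2.10 is refused by the access-class; the same telnet started from the console line is not, regardless of the PBR.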

Received on Sun Aug 19 2012 - 14:02:02 ART
