Re: Telnet access outbound on VTY ports not sidestepped by

From: Peter Dervan <petesccie_at_gmail.com>
Date: Sun, 19 Aug 2012 14:06:10 +0100

PS - 'debug ip policy' showed the traffic was being policy routed. Also,
the ACL used in PBR was "match ip add 0".

Rgds,
Peter

On 19/08/2012 14:02, Peter Dervan wrote:
> Hi guys,
> Very small question regarding applying local PBR to a router. I have
> seen (& tested) that if you want to test, for example, reflexive ACLs
> on a router, using traffic generated by the router, one way to get
> this working is to set up a PBR matching all traffic, & send it to a
> loopback interface. I think we have all seen this "trick" before for
> various testing of security services etc. (I think the same applied to ip
> inspect etc.?).
> My question is relating this trick/tactic to restricting telnet
> traffic outbound under the VTY lines using "access-class 23 out" for
> example. I know this command only usually applies to telnet traffic
> that is initiated from a user who is telnetted into the router. I
> tried getting around this by using the PBR "trick" mentioned already,
> and it did not work. My telnet traffic was not affected by the ACL in
> place. Can anyone explain why this didn't work? I'm sure it's probably
> very simple, but I was expecting the access-class command to take
> effect once I enabled a local PBR and bounced traffic to a loopback
> first.
>
> any words of wisdom much appreciated as usual...
>
> Pete (Ireland)

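For reference, the setup the post describes, written out as an added IOS configuration example (this is not Peter's own config, and it is not an answer to his question). The names and numbers are assumed: Loopback0 as the bounce interface, ACL 101 as the "match everything" ACL, route-map LOCAL-PBR, ACL 23 as the VTY outbound restriction, and 10.0.0.0/24 as the permitted telnet destination range. The feature under test (a reflexive ACL, ip inspect, etc.) would be applied on Loopback0 and is left out here.

```cisco
! Added example, not from the original post. Names/numbers below are assumed.
!
! 1. ACL matching all traffic, used by the route-map (assumed number 101)
access-list 101 permit ip any any
!
! 2. Loopback used as the "bounce" interface; the feature under test
!    (e.g. a reflexive ACL) would be applied here
interface Loopback0
 ip address 10.255.255.1 255.255.255.255
!
! 3. Route-map that sends all matched traffic to the loopback
route-map LOCAL-PBR permit 10
 match ip address 101
 set interface Loopback0
!
! 4. Local policy: applies only to traffic originated by the router itself
ip local policy route-map LOCAL-PBR
!
! 5. VTY outbound restriction: telnet started from a VTY session may only
!    go to 10.0.0.0/24 (assumed range, ACL 23 as in the post)
access-list 23 permit 10.0.0.0 0.0.0.255
line vty 0 4
 access-class 23 out
!
! Verification: 'show ip policy' lists the local policy and its route-map;
! 'debug ip policy' prints a line per packet that is policy routed, which
! is how the post confirmed that the router-generated traffic was matched.
```

Note that step 4 uses `ip local policy`, which only affects packets the router generates itself; an `ip policy route-map` applied to an interface would affect transit traffic instead, which is not what the test in the post is about.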
Received on Sun Aug 19 2012 - 14:06:10 ART