Job Search, Job Listing, Opportunity
Work at home job, job vacancy
find a job, vacancy list, cari lowongan
Butuh, Segera, secretary, director
« Lab re-read
router bypasses ACL for locally sourced traffic »

router bypasses ACL for locally sourced traffic

June 30, 2006 @ 8:09 am · Filed under CCIE Study


It has to do with the order of operations….
Check out:
http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chap ter09186a00804fde4d.html
Applying Access Lists to Interfaces
For some protocols, you can apply up to two access lists to an interface: one inbound access list and one outbound access list. With other protocols, you apply only one access list which checks both inbound and outbound packets.
If the access list is inbound, when the router receives a packet, the Cisco IOS software checks the access list’s criteria statements for a match. If the packet is permitted, the software continues to process the packet. If the packet is denied, the software discards the packet.
If the access list is outbound, after receiving and routing a packet to the outbound interface, the software checks the access list’s criteria statements for a match. If the packet is permitted, the software transmits the packet. If the packet is denied, the software discards the packet.
Note Access lists that are applied to interfaces do not filter traffic that originates from that router.
HTH,
Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713, JNCIE #153, CISSP, et al. CCSI/JNCI IPExpert CCIE Program Manager IPExpert Sr. Technical Instructor smorris@ipexpert.com http://www.ipexpert.com
—–Original Message—– From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Koen Zeilstra Sent: Friday, June 30, 2006 8:40 AM To: ccielab@groupstudy.com Subject: router bypasses ACL for locally sourced traffic
Hi Group,
Maybe this has been posted before, however I could not find any reference. Perhaps other wording is used to describe this.
What would is the explanation for a router bypassing ACL’s applied in the outgoing direction for locally source traffic?
For example:
(R1)e0/0————e0/0(R2)
R1
int e0/0 ip access-group ACL out !
ip access-list ext ACL deny tcp any any eq telnet permit ip any any !
Telnetting from R1 to R2 works fine even with the ACL denying outgoing packets destined for port 23.
thanks,
Koen
———————– You will feel hungry again in another hour.

Bookmark this post:These icons link to social bookmarking sites where readers can share and discover new web pages.
  • blinkbits
  • BlinkList
  • blogmarks
  • co.mments
  • connotea
  • del.icio.us
  • De.lirio.us
  • digg
  • Fark
  • feedmelinks
  • Furl
  • LinkaGoGo
  • Ma.gnolia
  • NewsVine
  • Netvouz
  • RawSugar
  • Reddit
  • scuttle
  • Shadows
  • Simpy
  • Smarking
  • Spurl
  • TailRank
  • Wists
  • YahooMyWeb
keywords found: lists traffic other explanation after interfaces order 

Leave a Comment

Related Post