.jpg "Opportunities, Appliacation, Openings"){kind=small}
.jpg "Hand Job, Blow Job, Job Search, Monster Job"){kind=small}
.jpg "pusat resume, daftar kerja, cari kerja"){kind=small}
.jpg "Project Manager, SOftware Engineer, SAP Consultant"){kind=small}
router bypasses ACL for locally sourced traffic
This is from the 12.2 documentation on how an outbound Access List functions (I provided the link below)…. “If the access list is outbound, after receiving and routing a packet to the outbound interface, the software checks the access list’s criteria statements for a match. If the packet is permitted, the software transmits the packet. If the packet is denied, the software discards the packet.”
Please note that the packet must be received by the router and routed to the outbound interface. Note this never happens with locally originated traffic.
The simplest way to control Telnet access with an access list is to use the access-class command in line configuration mode.
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/ fsecur_c/ftrafwl/scfacls.htm
Anthony J Sequeira CCIE #15626 —–Original Message—– From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Koen Zeilstra Sent: Friday, June 30, 2006 8:40 AM To: ccielab@groupstudy.com Subject: router bypasses ACL for locally sourced traffic
Hi Group,
Maybe this has been posted before, however I could not find any reference. Perhaps other wording is used to describe this.
What would is the explanation for a router bypassing ACL’s applied in the outgoing direction for locally source traffic?
For example:
(R1)e0/0————e0/0(R2)
R1
int e0/0 ip access-group ACL out !
ip access-list ext ACL deny tcp any any eq telnet permit ip any any !
Telnetting from R1 to R2 works fine even with the ACL denying outgoing packets destined for port 23.
thanks,
Koen
———————– You will feel hungry again in another hour.
