Re: matching locally originated traffic with outbound access-list posted 11/22/2008
Hi,
 
By default, an outbound ACL does not match traffic generated locally by the
router itself. You can use local policy to route local traffic via
a loopback interface to trick the router, so that it treats the locally
generated traffic the same as the traffic transiting the router.
 
Try this:
 
R2#
 
ip local policy route-map LOCAL
!
route-map LOCAL permit 10
 set interface Loopback0
 
 
Cheers,
 


--- On Sat, 11/22/08, Amr <amr.ccie@xxxxxxxxx> wrote:

From: Amr <amr.ccie@xxxxxxxxx>
Subject: matching locally originated traffic with outbound access-list
To: "ccielab" <ccielab@xxxxxxxxxxxxxx>
Date: Saturday, November 22, 2008, 9:16 PM

Dear All,
            My scenario is as follows

R1 (Fa0/1) -------------------- (Fa0/1) R2 (S0/0) ----------------------------- (S0/0/0) R3

I want to deny telnet from R2 to R3 using an outbound access-list applied on
interface S0/0

so how to match on locally originated telnet traffic from R2 toward R3
loopback 0 (3.3.3.3)

Here is the configuration on R2

interface Serial0/0
 ip address 10.1.1.2 255.255.255.0
 ip access-group 150 out
 encapsulation frame-relay
 frame-relay map ip 10.1.23.3 203 broadcast
 no frame-relay inverse-arp

access-list 150 deny   tcp any host 3.3.3.3 eq telnet
access-list 150 permit ip any any

By applying the above configuration, telnet traffic from R1 to R3 is denied
but the telnet traffic originated from R2 toward R3 is permitted

So how to block the telnet traffic originated from R2 toward R3 using the
outbound access-list on R2

Thanks In Advance
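
The reply's local-policy approach combined with the original access-list 150, as an added example that is not part of either message. It goes one step beyond the reply by adding a match clause so that only the telnet flow in question is policy-routed; the ACL name LOCAL-TELNET is hypothetical, and Loopback0 is assumed to exist on R2 with an IP address and to be up.

```cisco
! R2 (added example; LOCAL-TELNET is a hypothetical name)
!
! Select only the locally originated traffic that access-list 150 should see.
ip access-list extended LOCAL-TELNET
 permit tcp any host 3.3.3.3 eq telnet
!
! Policy-route matching local packets via Loopback0 (assumed configured and up).
! Local packets that do not match the route-map are forwarded normally.
route-map LOCAL permit 10
 match ip address LOCAL-TELNET
 set interface Loopback0
!
! Apply the route-map to packets generated by the router itself.
ip local policy route-map LOCAL
!
! Outbound filter from the original post, unchanged.
access-list 150 deny   tcp any host 3.3.3.3 eq telnet
access-list 150 permit ip any any
!
interface Serial0/0
 ip access-group 150 out
```

To check the result, attempt a telnet from R2 to 3.3.3.3 and then compare the match counters in `show route-map LOCAL` and `show access-lists 150`; `show ip local policy` confirms the route-map is attached.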

