
Conference kali::dewbr

Title:DECbrouter-90T2,-T2A,-T1
Notice:Kits, DOCs, Release notes, SPDs notes 1-10
Moderator:FOUNDR::SHEEHAN
Created:Wed Dec 23 1992
Last Modified:Thu Jun 05 1997
Last Successful Update:Fri Jun 06 1997
Number of topics:1313
Total number of notes:4889

1310.0. "Standard IP access list" by TPOVC::MIKECHANG () Mon May 26 1997 12:08

 This is cross-posted in the CISCO conference
 --------------------------------------------
 Hardware/SW Platform : 7507
 IOS Software Version : 11.2
 Feature Set          : Authentication
 Problem Summary      : Is deny one-way or bi-directional in a standard IP access list
 Problem Description  :


                    Host A(192.168.1.1)   B(192.168.1.2)     CISCO 7507
                           |                      |
   192.168.1.0 VLAN A    --+----------------------+----------FastE1/0.10
   192.168.2.0 VLAN B    ------------------------------------FastE1/0.20
   192.168.6.0 VLAN C    --------+---------------------------FastE1/0.30
                                 |
                        Host C(192.168.6.3)

The configuration is shown above: 3 VLANs are connected by a Catalyst 5000 and
trunked to the CISCO 7507. The goal of the access list is to deny host B access
to the hosts of 192.168.6.0. The setting is done per the manual, BUT the result is
different and unexpected. If anything is wrong please point it out; your input is
very appreciated.

 access-list 1 deny   192.168.1.2  0.0.0.0
 access-list 1 permit 192.168.1.1  0.0.0.0  (for troubleshooting only)  
 access-list 1 permit any

 Interface FastE1/0.30
 ip access-group 1 out

 The result : 

 a) Host B pings host C: we got an ICMP_TYPE(3) message (i.e. Dest Unreachable) for
    each ping ICMP packet on host B, and finally it returns "192.168.6.3 does not
    Responde"
 b) BUT when host C pings host B, it waits until timeout and we got a "192.168.1.2
    does not responde" message.

  Is the deny bi-directional? Is anything wrong?
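
Added example, not part of the original note: a small Python model of the posted access-list 1 applied `out` on FastE1/0.30, tracing the echo request and the echo reply of each ping separately. It relies on two properties of IOS standard access lists (they match the source address only, and an `out` list is checked only on packets leaving that interface); the `ROUTES` table, the function names and the result strings are assumptions of the example, as is the router returning ICMP unreachables for denied packets.

```python
import ipaddress

# access-list 1 from the post as (action, address, wildcard);
# "any" is written out as 0.0.0.0 255.255.255.255.
ACL_1 = [
    ("deny",   "192.168.1.2", "0.0.0.0"),
    ("permit", "192.168.1.1", "0.0.0.0"),
    ("permit", "0.0.0.0",     "255.255.255.255"),
]
ACL_OUT = {"FastE1/0.30": ACL_1}          # ip access-group 1 out

# Connected subnets from the post's diagram -> egress subinterface (model assumption).
ROUTES = {
    "192.168.1.0/24": "FastE1/0.10",
    "192.168.2.0/24": "FastE1/0.20",
    "192.168.6.0/24": "FastE1/0.30",
}

def acl_action(acl, src):
    """Standard ACL: the first entry matching the SOURCE address decides."""
    s = int(ipaddress.ip_address(src))
    for action, addr, wildcard in acl:
        care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF  # wildcard 1-bits are ignored
        if (s & care) == (int(ipaddress.ip_address(addr)) & care):
            return action
    return "deny"                          # implicit deny ends every list

def forward(src, dst):
    """Route one packet; only the egress interface's outbound list is consulted."""
    dst_ip = ipaddress.ip_address(dst)
    egress = next(i for net, i in ROUTES.items() if dst_ip in ipaddress.ip_network(net))
    acl = ACL_OUT.get(egress)
    return (acl is None or acl_action(acl, src) == "permit"), egress

def ping(src, dst):
    """Echo request src->dst, then echo reply dst->src, each filtered on its own."""
    if not forward(src, dst)[0]:
        return f"request dropped; unreachable returned to {src}"
    if not forward(dst, src)[0]:
        # Assumption: the unreachable goes to the reply's sender, so src only times out.
        return f"reply dropped; unreachable returned to {dst}, {src} times out"
    return "reply received"

if __name__ == "__main__":
    for a, b in [("192.168.1.2", "192.168.6.3"),   # result (a) in the post
                 ("192.168.6.3", "192.168.1.2"),   # result (b) in the post
                 ("192.168.1.1", "192.168.6.3")]:  # host A for comparison
        print(f"{a} -> {b}: {ping(a, b)}")
```

In this model the list is still one-way: host C's request reaches host B unfiltered, but B's reply carries source 192.168.1.2 and leaves through FastE1/0.30, where the deny entry matches it.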
  
