Cisco ACL Issue

Discussion in 'Cisco' started by bluedude2288, Oct 5, 2011.

  1. bluedude2288

    I had a lab today in my Advanced Routing class that threw in a step of applying an ACL to not allow 2 out of the four loopbacks from accessing the loopback of a router 2 hops over. Everything pinged fine and was working before the ACL part.

    We got to the ACL part and could not get the router with the 4 loopbacks to block traffic using an extended ACL outbound on the link to the next hop.

    We tried putting in an ip deny any any outbound statement and ALL traffic was still allowed.

    We called over our instructor and she was stumped and told us to turn it in the way it was. I tried on my home lab and it behaves the same way. So what do I have wrong?

    Here is the config the acl is on.
    Code:
    Current configuration : 1576 bytes
    !
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname R2
    !
    boot-start-marker
    boot-end-marker
    !
    logging message-counter syslog
    !
    no aaa new-model
    memory-size iomem 15
    !
    !
    !
    dot11 syslog
    ip source-route
    !
    !
    ip cef
    !
    !
    no ipv6 cef
    !
    multilink bundle-name authenticated
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    voice-card 0
    !
    !
    !
    !
    !
    !
    archive
     log config
      hidekeys
    !
    !
    !
    !
    !
    !
    interface Loopback97
     ip address 192.168.20.97 255.255.255.252
    !
    interface Loopback101
     ip address 192.168.20.101 255.255.255.252
    !
    interface Loopback105
     ip address 192.168.20.105 255.255.255.252
    !
    interface Loopback109
     ip address 192.168.20.109 255.255.255.252
    !
    interface FastEthernet0/0
     ip address 192.168.1.161 255.255.255.224
     ip access-group 100 out
     duplex auto
     speed auto
    !
    interface FastEthernet0/1
     no ip address
     shutdown
     duplex auto
     speed auto
    !
    interface Serial0/0/0
     no ip address
     shutdown
     clock rate 2000000
    !
    interface Serial0/0/1
     no ip address
     shutdown
     clock rate 2000000
    !
    router ospf 1
     log-adjacency-changes
     network 192.168.1.161 0.0.0.0 area 0
     network 192.168.20.0 0.0.0.255 area 20
    !
    router ospf 20
     log-adjacency-changes
     distance 118 192.168.20.0 0.0.0.255
    !
    ip forward-protocol nd
    no ip http server
    no ip http secure-server
    !
    !
    !
    access-list 100 deny   ip 192.168.20.104 0.0.0.7 10.4.4.0 0.0.0.255
    access-list 100 permit ip any any
    !
    !
    !
    !
    !
    !
    control-plane
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    line con 0
     logging synchronous
    line aux 0
    line vty 0 4
     login
    !
    scheduler allocate 20000 1000
    end
    
    When pinging, we used ping 10.4.4.4 source loopback 105

    Thanks
    bluedude2288, Oct 5, 2011
    #1

  2. bluedude2288

    Figured it out!

    It won't run through ACLs when the packets are originating from a loopback address but it does from a physical port.

    But why?
    bluedude2288, Oct 5, 2011
    #2

  3. mprasad079

    Please share the detailed topology and ACL. Use inbound while applying the ACL, with a proper wildcard mask.
    mprasad079, Dec 23, 2012
    #3
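A constructed Python model of how R2's access-list 100 is evaluated, added here and not part of the thread. It encodes the IOS behaviour the posters ran into (an outbound ACL is not applied to packets the router itself originates, such as a ping sourced from Loopback105, so testing from the router gives a false impression of the filter) and also shows the same ACL applied inbound on the next hop, as mprasad079 suggests. The `Ace` class and the function names are assumptions of this example, not IOS internals.

```python
import ipaddress
from dataclasses import dataclass


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Cisco wildcard masks are inverted subnet masks: a 0 bit must match,
    a 1 bit is "don't care". 192.168.20.104 0.0.0.7 covers .104 to .111."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)


@dataclass
class Ace:
    """One access-control entry of an extended IP ACL (constructed model)."""
    action: str  # "permit" or "deny"
    src: str
    src_wc: str
    dst: str
    dst_wc: str


# access-list 100 exactly as posted on R2: the source range covers
# Loopback105 and Loopback109 but not Loopback97 or Loopback101.
ACL_100 = [
    Ace("deny", "192.168.20.104", "0.0.0.7", "10.4.4.0", "0.0.0.255"),
    Ace("permit", "0.0.0.0", "255.255.255.255", "0.0.0.0", "255.255.255.255"),
]


def acl_lookup(acl, src: str, dst: str) -> str:
    """First-match evaluation with the implicit deny at the end."""
    for ace in acl:
        if wildcard_match(src, ace.src, ace.src_wc) and wildcard_match(dst, ace.dst, ace.dst_wc):
            return ace.action
    return "deny"  # implicit deny any any


def forward_decision(acl, direction: str, src: str, dst: str, locally_originated: bool) -> str:
    """Outbound ACLs filter transit traffic only; packets the router generates
    itself (e.g. 'ping 10.4.4.4 source loopback105' on R2) bypass them.
    An inbound ACL checks everything that arrives on the interface."""
    if direction == "out" and locally_originated:
        return "permit"
    return acl_lookup(acl, src, dst)


if __name__ == "__main__":
    # What the thread observed: R2's own ping from Loopback105 is not blocked.
    print(forward_decision(ACL_100, "out", "192.168.20.105", "10.4.4.4", True))
    # A transit packet with the same source, or the ACL applied inbound on
    # the next hop, is denied as intended.
    print(forward_decision(ACL_100, "out", "192.168.20.105", "10.4.4.4", False))
    print(forward_decision(ACL_100, "in", "192.168.20.105", "10.4.4.4", False))
```

The practical check in the lab is therefore to source the test traffic from a device behind R2 (or to apply the list inbound on the next-hop router) rather than from R2's loopback.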
