10-15-2010 08:38 AM - edited 03-06-2019 01:32 PM
Hi all,
Here is the output from ACL 110:
2650XM#debug ip packet 110 de
2650XM#debug ip packet 110 detail
IP packet debugging is on (detailed) for access list 110
2650XM#ping 4.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 48/51/56 ms
2650XM#
Oct 13 14:00:16.220 MST: IP: tableid=0, s=96.51.x.x (local), d=4.2.2.2 (FastEthernet0/0), routed via FIB
Oct 13 14:00:16.220 MST: IP: s=96.51.x.x (local), d=4.2.2.2 (FastEthernet0/0), len 100, sending
Oct 13 14:00:16.224 MST: ICMP type=8, code=0
Oct 13 14:00:16.272 MST: IP: tableid=0, s=96.51.x.x(local), d=4.2.2.2 (FastEthernet0/0), routed via FIB
Oct 13 14:00:16.272 MST: IP: s=96.51.x.x(local), d=4.2.2.2 (FastEthernet0/0), len 100, sending
Oct 13 14:00:16.272 MST: ICMP type=8, code=0
Oct 13 14:00:16.324 MST: IP: tableid=0, s=96.51.x.x(local), d=4.2.2.2 (FastEthernet0/0), routed via FIB
2650XM#
Oct 13 14:00:16.324 MST: IP: s=96.51.x.x(local), d=4.2.2.2 (FastEthernet0/0), len 100, sending
Oct 13 14:00:16.324 MST: ICMP type=8, code=0
Oct 13 14:00:16.376 MST: IP: tableid=0, s=96.51.x.x(local), d=4.2.2.2 (FastEthernet0/0), routed via FIB
Oct 13 14:00:16.376 MST: IP: s=96.51.x.x(local), d=4.2.2.2 (FastEthernet0/0), len 100, sending
Oct 13 14:00:16.376 MST: ICMP type=8, code=0
Oct 13 14:00:16.428 MST: IP: tableid=0, s=96.51.x.x(local), d=4.2.2.2 (FastEthernet0/0), routed via FIB
Oct 13 14:00:16.428 MST: IP: s=96.51.x.x (local), d=4.2.2.2 (FastEthernet0/0), len 100, sending
Oct 13 14:00:16.428 MST: ICMP type=8, code=0
Config of ACL 110:
access-list 110 permit icmp host 96.51.x.x.176 host 4.2.2.2
It is applied to the interface:
Building configuration...
Current configuration : 271 bytes
!
interface FastEthernet0/0
description WAN Connection to ISP modem
ip address dhcp
ip access-group 110 out
My question is that when we ping some IP, we send an echo and get back an echo reply from that IP, but here, as per the debug, we see all the pings from source IP 96.x.x.x to the destination, which is 4.2.2.2.
Can someone please explain the output of the above debug to me?
Thanks
Mahesh
10-15-2010 08:44 AM
Mahesh
Not sure what you are asking here.
An outbound access-list applied to a router interface does not stop the router itself sending out ICMP packets. It stops clients behind the router but not the router itself. That is why even with the acl applied you can still ping from the router.
As for the debug, well, you only see those packets in the debug because you are using ACL 110 in the debug and only those packets are being matched.
Jon
10-15-2010 08:55 AM
Hi Jon,
Thanks for the reply.
I was asking this: when we ping the remote IP 4.2.2.2 and use the debug command, why do we not see the echo reply coming from the destination 4.2.2.2?
Is this because we have the debug configured only from source to destination?
Thanks
Mahesh
10-15-2010 09:02 AM
Mahesh
Yes, you would need to add another line to your ACL 110, i.e.
access-list 110 permit icmp host 96.51.x.x.176 host 4.2.2.2
access-list 110 permit icmp host 4.2.2.2 host 96.51.x.x
Jon
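The matching that decides which packets `debug ip packet 110` prints, modelled in Python as an added example that is not part of the original thread: it evaluates both versions of ACL 110 against the two directions of one ping. It goes beyond the `host` form used above and also handles `any` and wildcard-mask entries; `192.0.2.10` is a constructed placeholder for the redacted 96.51.x.x address, and all function names are hypothetical.

```python
import ipaddress

def _take_addr(tokens):
    """Consume one address spec: 'any', 'host A' or 'A WILDCARD' -> (base, wildcard)."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(tokens.pop(0)))

def parse_acl(text):
    """Parse 'access-list N permit|deny PROTO SRC DST' lines, in order."""
    entries = []
    for line in text.strip().splitlines():
        tokens = line.split()
        if tokens[:1] != ["access-list"]:
            continue
        action, proto, rest = tokens[2], tokens[3], tokens[4:]
        src = _take_addr(rest)
        dst = _take_addr(rest)
        # Anything after the addresses (ICMP type keywords, 'log') is not modelled.
        entries.append((action, proto, src, dst))
    return entries

def _hit(spec, addr):
    base, wildcard = spec
    # Wildcard bits set to 1 are "don't care" bits.
    return (int(ipaddress.IPv4Address(addr)) | wildcard) == (base | wildcard)

def acl_permits(entries, proto, src, dst):
    """First matching entry decides; no match falls through to the implicit deny."""
    for action, ace_proto, ace_src, ace_dst in entries:
        if ace_proto in ("ip", proto) and _hit(ace_src, src) and _hit(ace_dst, dst):
            return action == "permit"
    return False

ROUTER = "192.0.2.10"  # constructed placeholder for the redacted 96.51.x.x address
ACL_ORIGINAL = f"access-list 110 permit icmp host {ROUTER} host 4.2.2.2"
ACL_FIXED = ACL_ORIGINAL + f"\naccess-list 110 permit icmp host 4.2.2.2 host {ROUTER}"

def debug_shows(acl_text):
    """Which directions of one ping the ACL-filtered debug would print."""
    acl = parse_acl(acl_text)
    return {"echo": acl_permits(acl, "icmp", ROUTER, "4.2.2.2"),
            "echo-reply": acl_permits(acl, "icmp", "4.2.2.2", ROUTER)}
```
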
10-15-2010 09:08 AM
Many thanks again, Jon.
It worked now
Regards
Mahesh