Rejecting vs Denying packets in IOS ACL lists

lgiese
Level 1

Most ACL rules reject packets (they just drop them). Can ACLs be made to return a reject instead?

I am running a 2516 (IOS 12.0(23)) and a 1750 (IOS 12.0(3)) and want to send back a reject packet for ident inquiries instead of denying or just dropping the packets. These routers are in separate sites and are the boundary between the internal networks and the Internet.

Thanks,

Lyle

1 Reply

donewald
Level 6

Lyle,

In short, no. ACLs have only a permit and a deny function and will not, nor cannot, return a packet to its source, unless this source is connected directly to this router, in which case you could implement PBR (Policy Based Routing) to redirect this packet to a new next-hop address (determined by you). This would not rewrite the destination address to be your source, so you'd need some type of software (a sniffer) to allow packets not destined to it to be accepted. ACLs, if denying traffic, can also send ICMP (administratively prohibited, or other) back to the host, saying that the packet got dropped.

Hope this helps you,

Don
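The configuration below is an added example written for this page; it is not from either poster and was not taken from Cisco documentation. It shows the only two outcomes an IOS ACL offers for Lyle's ident probes: a deny that answers with ICMP type 3 code 13 (communication administratively prohibited), which is what IOS sends for a denied packet while `ip unreachables` is enabled on the interface (the default), and a silent drop when unreachables are turned off. The interface name, the inside prefix 192.0.2.0/24 and the link address are assumptions chosen for illustration.

```cisco
! Constructed example (not from the original thread): an extended ACL applied
! inbound on the Internet-facing interface that denies ident (TCP 113) probes.
! The ACL name, interface and addresses are assumptions.
ip access-list extended OUTSIDE-IN
 ! Deny ident probes aimed at the inside network and log each match
 deny   tcp any 192.0.2.0 0.0.0.255 eq 113 log
 ! Let replies to connections opened from inside back in
 permit tcp any 192.0.2.0 0.0.0.255 established
 ! Anything not matched above is dropped by the implicit deny at the end
!
interface Serial0
 description Link to the Internet
 ip address 198.51.100.2 255.255.255.252
 ip access-group OUTSIDE-IN in
 ! Default behaviour: a denied packet is answered with ICMP type 3 code 13
 ! (communication administratively prohibited). To make the deny a silent
 ! drop instead, which hides the filter from the probing host, remove the
 ! leading "!" on the next line:
 ! no ip unreachables
!
! On releases that support it, cap how often the router emits those
! unreachables (one per 500 ms here) so a probe flood cannot make the
! router generate ICMP at line rate.
ip icmp rate-limit unreachable 500
```

Note that the ICMP administratively-prohibited message is not a TCP RST: it tells the probing host the packet was filtered rather than that port 113 is closed, which is as close as an ACL gets to the "reject" Lyle asks for. To confirm which of the two behaviours the router is actually giving, watch the match counters with `show access-lists OUTSIDE-IN` while a probe arrives, and run `debug ip icmp` briefly to see whether an unreachable is sent for each denied packet.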