Cisco Support Community

Foundstone scanning T.125

We want to restrict a Foundstone scanning box to only scan certain subnets on a pair of trunked switches. I've added an extended ACL to both switches (also tried a standard ACL) restricting the Foundstone to access certain devices.

i.e.:

Extended IP access list FOUNDSTONE
    10 deny ip host 10.211.100.18 host 10.210.100.11
    20 permit ip any any

Now for some reason traffic is still hitting 10.210.100.11 from 10.211.100.18 with the above ACL applied inbound to the links of these 2 switches back to the Core switches. How is that possible? There are no other trunks to other switches.

I performed a packet capture on host 10.210.100.11 and I see the traffic making its way through. The Foundstone box is sending traffic using the T.125 protocol, which I gather from reading is IP.

Has anyone had this problem before with T.125/Foundstone, with the traffic making its way through an ACL? How can this be possible?
