Hi, I have a Cisco 828 GSHDSL Router. This is not in production. At the moment I am trying to implement an outbound ACL on interface ethernet 0. I have successfully applied an inbound access-list which I can see works correctly (also confirmed via syslog server). I want to implement an outbound ACL on the interface. Here is the relevant config.
description Connect to Internal LAN
ip address 188.8.131.52 255.255.255.0
ip access-group 101 out
access-list 101 deny ip any any log
However, I can still reach anything and everything, i.e. ping, telnet, etc. Nothing shows up in the syslog server.
The original post says that he has implemented an inbound access list and it worked properly. He is now trying to do an outbound access list which is not doing what he expected. Telling him to apply it inbound is not a solution to his problem.
What he is experiencing is a fundamental (but frequently not so well understood) behavior of access lists: an outbound access list on an interface will not filter packets that originated in the router itself. The outbound access list will filter packets that come from outside the router and are forwarded out the interface (transit traffic through the router). But the outbound access list will not filter things (pings, telnets, etc) that are done directly on the router.
So if you want to test the outbound access list the original poster will need to connect a PC (or some kind of end station) to another interface on the router and generate traffic that the router will forward out this interface. Then he will see the access list blocking packets.
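The behavior described in the reply above, as an added example that is not part of the original thread: a simplified Python model (an assumption, not IOS code) of the egress decision for router-originated versus transit packets against the posted ACL 101. The host addresses 10.0.0.5 and 188.8.131.10 are constructed sample values.

```python
# Simplified model (an assumption, not IOS source) of how an outbound
# ACL on an interface treats transit versus router-originated packets.
import ipaddress
from dataclasses import dataclass

@dataclass
class Packet:
    src: str
    dst: str
    from_router: bool  # True when generated on the router itself (ping/telnet from its CLI)

def parse_ace(line):
    """Parse 'access-list N permit|deny ip SRC DST [log]' (a subset of IOS syntax)."""
    tok = line.split()
    action, rest = tok[2], tok[4:]
    specs = []
    while rest and rest[0] != "log" and len(specs) < 2:
        if rest[0] == "any":
            specs.append(("0.0.0.0", "255.255.255.255")); rest = rest[1:]
        elif rest[0] == "host":
            specs.append((rest[1], "0.0.0.0")); rest = rest[2:]
        else:  # address followed by wildcard mask
            specs.append((rest[0], rest[1])); rest = rest[2:]
    return action, specs[0], specs[1], "log" in rest

def wildcard_match(addr, spec):
    """Wildcard-mask compare: bits set in the mask are 'don't care'."""
    base, wild = (int(ipaddress.IPv4Address(x)) for x in spec)
    care = ~wild & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (base & care)

def egress(packet, acl_lines):
    """Return (verdict, logged) for a packet leaving an interface with an outbound ACL."""
    if packet.from_router:
        return "sent (outbound ACL not consulted)", False
    for action, src, dst, log in map(parse_ace, acl_lines):  # first match wins
        if wildcard_match(packet.src, src) and wildcard_match(packet.dst, dst):
            return ("forwarded" if action == "permit" else "dropped"), log
    return "dropped", False  # implicit deny at the end of every ACL

ACL_101 = ["access-list 101 deny ip any any log"]  # the entry from the post
# Constructed sample packets; 10.0.0.5 is a hypothetical PC on another interface.
router_ping = Packet("188.8.131.52", "188.8.131.10", from_router=True)
transit = Packet("10.0.0.5", "188.8.131.10", from_router=False)

if __name__ == "__main__":
    for name, p in (("router ping", router_ping), ("transit", transit)):
        print(name, egress(p, ACL_101))
```

Only the transit packet reaches the ACL and produces a log entry, which matches the empty syslog the original poster saw when testing from the router itself.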