09-27-2014 03:51 AM - edited 03-07-2019 08:54 PM
I want no packet to leave f0/0 (R2).
These are my configurations:
R1:
!
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
!
R2:
!
interface FastEthernet0/0
ip address 192.168.1.2 255.255.255.0
ip access-group 101 out
!
access-list 101 deny ip any any
!
09-28-2014 01:05 PM
Given the configs shown in the original post, R2 will be able to ping R1, and I am guessing that this (or something very similar) is what leads the original poster to say that the ACL is not working.
The issue here is that an access list applied outbound on an interface will not process traffic that is generated by the router itself. The ACL shown will be very effective in preventing transit traffic (traffic that came from somewhere to R2 and is to be forwarded out f0/0). But it will not work on packets generated by R2.
HTH
Rick
09-28-2014 12:19 PM
Hello rcpoemrvt,
You have applied the access list on R2's FastEthernet0/0 interface in the outbound direction.
This configuration is perfect. Please let me know how you are checking and what issue you are facing.
Also check whether you are getting hits on the access list or not.
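An added example, not part of the original thread or any poster's configuration: since R2's outbound ACL never evaluates packets that R2 originates, this shows how to confirm that from the ACL counters and how to drop R2's own traffic by filtering inbound on the neighbor instead. It assumes R1 is administered by the same person; ACL number 102 is made up for this example.

```cisco
! --- On R2: confirm the behaviour described in the accepted answer ---
! Run from exec mode, then compare the counters before and after:
!   R2# show access-lists 101
!   R2# ping 192.168.1.1
!   R2# show access-lists 101
! The ping succeeds and the match count on "deny ip any any" does not
! increase, because packets R2 originates are not checked by the
! outbound ACL on FastEthernet0/0.
!
! --- On R1: filter R2's packets where they are received traffic ---
! An inbound ACL is applied to every packet arriving on the interface,
! including packets addressed to R1 itself.
access-list 102 deny   ip host 192.168.1.2 any log
access-list 102 permit ip any any
!
interface FastEthernet0/0
 ip access-group 102 in
!
! --- Verify on R1 ---
!   R1# show ip interface FastEthernet0/0
!   R1# show access-lists 102
! "Inbound access list is 102" confirms the binding, and the match count
! on the deny entry increases each time R2 pings 192.168.1.1.
```

Transit traffic that R2 would forward out f0/0 is still dropped by R2's own ACL 101, so the two lists together cover both forwarded and router-originated packets on this link.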