TAG

acl

  • 2021-04-04

ACL behavior: “Packets generated by the router itself”

The Cisco CCNA and CCNP certification exams frequently include access list (ACL) questions. Or rather, they are always asked. Among them is a point that examinees often get wrong, one that “cannot be solved unless you know it”. The point is: “Packets generated by the router itself are not subject to the access list”. Let’s test whether such packets really go unfiltered.

Test configuration

Configuration/Settings

Set the following access list on a Cisco 891FJ and ping another router with IP address 192.168.55.1.

* Note: because the protocol and the destination must be specified, an extended ACL is used.

Access list 100 specifies the protocol ICMP, the source is any (all), and the destination is set to 192.168.55.1. Then apply access list 100 in the out direction (egress) of GigabitEthernet8 on the orange router. This should control ICMP packets from the orange router to 192.168.55.1.

    Router#show run int gi8
    interface GigabitEthernet8
     ip address 192.168.55.80 255.255.255.0
     ip access-group 100 out
     duplex auto
     speed auto
    Router#show access-lists | sec 100
    Extended IP access list 100
        10 deny icmp any host 192.168.55.1

Since an “implicit deny all” is set as the last line, all resulting […]