This may have a ridiculous answer but I have been working on it for a while so I am asking for help :) I got asked why the following scenario isn't working and I am failing to figure out why:
R1 -> default gateway is R2
R2 statically routes all RFC1918 addresses to Loopback100
Loopback100 should be able to use an ACL to permit or deny ICMP and log

If I do this scenario from the ingress physical port on R2 everything works great. When repeated with lo100 it fails:

CONFIG:

R1

conf t
int f0/0
 ip address 192.168.1.1 255.255.255.0
 no shut
exit
ip route 0.0.0.0 0.0.0.0 192.168.1.2

R2

ip route 10.0.0.0 255.0.0.0 lo100
ip route 172.16.0.0 255.240.0.0 lo100
ip route 192.168.0.0 255.255.0.0 lo100
ip access-list extended blackhole
 permit icmp any any log
 deny icmp any any log
int lo100
 ip address 10.100.100.100 255.255.255.255
 ip access-group blackhole in
 no shut

TEST:

R1#ping 10.100.100.100
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.100.100.100, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms

DEBUG FROM R2:

Jun 12 16:43:21.943: ICMP: echo reply sent, src 10.100.100.100, dst 192.168.1.1
Jun 12 16:43:21.955: ICMP: echo reply sent, src 10.100.100.100, dst 192.168.1.1
Jun 12 16:43:21.959: ICMP: echo reply sent, src 10.100.100.100, dst 192.168.1.1
Jun 12 16:43:21.963: ICMP: echo reply sent, src 10.100.100.100, dst 192.168.1.1
Jun 12 16:43:21.967: ICMP: echo reply sent, src 10.100.100.100, dst 192.168.1.1

NO HITS ON ACL
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
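The following is an added illustrative model, not part of the original post and not Cisco code. It encodes the one rule that explains the observation above: an ACL bound with "ip access-group ... in" is evaluated on the interface a packet physically arrives on, and a packet addressed to a loopback is received on R2's physical port and punted to the ICMP process, so the loopback's own inbound ACL is never in the packet's path. The interface name f0/0 for R2's LAN port is an assumption (the post only shows R1's side); the addresses and the "blackhole" ACL are taken from the post. Running it with the ACL bound on lo100 reproduces "reply sent, no ACL hits"; binding the same ACL on the ingress port produces the logged permit the poster expected.

```python
"""Toy model of where an IOS inbound interface ACL is evaluated.

Added example, not IOS code. R2's physical port is assumed to be f0/0
(the post does not name it); everything else mirrors the posted config.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass
class AclEntry:
    action: str          # "permit" or "deny"
    proto: str           # "icmp", "ip", ...
    log: bool = False    # the "log" keyword on the ACE


@dataclass
class Interface:
    name: str
    ip: Optional[str]
    acl_in: Optional[list] = None   # entries from "ip access-group <name> in"


@dataclass
class Packet:
    src: str
    dst: str
    proto: str
    ingress: str         # interface the packet physically arrived on


def lookup_acl(entries, pkt, log):
    """First-match evaluation with the implicit deny at the end, like IOS.

    Returns True when the packet is permitted; appends a log line for any
    matching entry carrying the "log" keyword."""
    for e in entries:
        if e.proto in (pkt.proto, "ip"):
            if e.log:
                log.append(f"{e.action} {pkt.proto} {pkt.src} -> {pkt.dst}")
            return e.action == "permit"
    return False


def receive(router_ifs, pkt):
    """Model R2's receive path for a packet addressed to one of its own IPs.

    Returns (reply_sent, acl_log_lines)."""
    log = []
    ingress = router_ifs[pkt.ingress]
    # 1. The inbound ACL of the ingress interface is the only one consulted.
    if ingress.acl_in is not None and not lookup_acl(ingress.acl_in, pkt, log):
        return False, log
    # 2. Destination is one of the router's own addresses: punt to the ICMP
    #    process and answer. The interface that owns the address (lo100) is
    #    not in the forwarding path, so its "ip access-group ... in" never runs.
    local_addrs = {i.ip for i in router_ifs.values() if i.ip}
    if pkt.dst in local_addrs and pkt.proto == "icmp":
        return True, log
    return False, log


# The posted ACL: the deny line is unreachable because permit matches first.
BLACKHOLE = [AclEntry("permit", "icmp", log=True),
             AclEntry("deny", "icmp", log=True)]


def build_r2(acl_on):
    """R2 with the 'blackhole' ACL bound inbound on the named interface."""
    f00 = Interface("f0/0", "192.168.1.2")            # assumed port name
    lo100 = Interface("lo100", "10.100.100.100")
    ifs = {"f0/0": f00, "lo100": lo100}
    ifs[acl_on].acl_in = BLACKHOLE
    return ifs


def ping_lo100(acl_on):
    """R1 pings 10.100.100.100; the echo arrives on R2's f0/0."""
    pkt = Packet("192.168.1.1", "10.100.100.100", "icmp", ingress="f0/0")
    replied, log = receive(build_r2(acl_on), pkt)
    return {"replied": replied, "acl_hits": log}


if __name__ == "__main__":
    print("ACL on lo100:", ping_lo100("lo100"))   # replied, no hits
    print("ACL on f0/0: ", ping_lo100("f0/0"))    # replied, one logged permit
```

The model deliberately has no forwarding step: the posted static routes to lo100 are irrelevant to a packet whose destination is the router's own loopback address, because that packet is consumed locally before any route lookup toward lo100 would matter.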
