BTW, If you do an extended ping and source the ping from an interface that is not connected in the path to the destination the ACL will filter the packet. Lance ""Priscilla Oppenheimer"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I know it's not what you said. What you said was obvious. I guess it comes > about because I said to test with end devices. Router A is acting like an > end device in your example. I should have been more clear. > > What is not obvious is that ACLs on Router B do not apply to pings to and > from Router B. Every newbie has probably been bitten by that one, > especially in simple labs. > > Priscilla > > At 09:42 PM 8/26/01, Brad Ellis wrote: > >Priscilla, that's not what I said. Here's what I said: > > > >"...pings sent by one router will not be filtered by another router? " > > > >Hence my diagram for further explanation: > > > >Router A -=- Router B -=- Device A > >(-=- can be ethernet x-over, serial back-to-back, etc) > > > >An ACL is applied on Router B's interface (applied inbound) that is > >connected to Router A. What I originally said, and continue to say, is that > >Router B will most certainly block packets (pings or whatever) coming from > >Router A...and it is irrelevant if Router A is a router or a host device. > >The ACL on Router B doesnt care if the device sending packets is a router or > >an end host device! > > > >If Router B was initiating the ping and Router B had the ACL applied, that > >would be a different story. > > > >ttyl, > >-Brad Ellis > >CCIE#5796 > >[EMAIL PROTECTED] > >used Cisco: www.optsys.net > > > >""Priscilla Oppenheimer"" wrote in message > >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > At 08:06 PM 8/26/01, Brad Ellis wrote: > > > >Priscilla, > > > > > > > >Are you saying that pings sent by one router will not be filtered by > >another > > > >router? I beg to differ. > > > > > > Of course not. Pings sent by the router where the ACL is configured are > >not > > > affected by the ACL. Try it. > > > > > > Priscilla > > > > > > > > > >-Brad > > > > > > > >""Priscilla Oppenheimer"" wrote in message > > > >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > > > At 06:26 PM 8/26/01, Brad Ellis wrote: > > > > > >Sami, > > > > > > > > > > > >You'll need to give more info than that. The router does not care > if > > > the > > > > > >packets are originated from a host or another router. It will > filter > > > > > >packets based on packet information, ie, source address, destination > > > > > >address, port #... > > > > > > > > > > This filtering happens as part of the packet-forwarding process. > >Packets > > > > > sent by the router (such as pings) may not go through this process. > >Sorry > > > > > that I don't have the details, but I have run into surprising results > >in > > > a > > > > > lab environment when testing access lists from a router. You need to > >test > > > > > them from end hosts. > > > > > > > > > > I can't believe I'm challenging a CCIE, ;-) but I was afraid nobody > >else > > > > > would, and I think the question bears more research. > > > > > > > > > > Priscilla > > > > > > > > > > >Are you saying the router wont filter packets originated from the > >router > > > > > >itself? How are your access-lists applied? Inbound or Outbound? > >What > > > >are > > > > > >you trying to filter? Explain your situation a little better, and > > > >include > > > > > >your access-list if you so desire. > > > > > > > > > > > >-Brad Ellis > > > > > >CCIE#5796 > > > > > >[EMAIL PROTECTED] > > > > > >used Cisco: www.optsys.net > > > > > > > > > > > >""sami natour"" wrote in message > > > > > >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > > > > > Hi All , > > > > > > > When I made standard access list I discoverd that it > > > > > > > prevented packets originated form PC's and host but > > > > > > > not packets originated from other routers.Any idea why > > > > > > > this will happen. > > > > > > > > > > > > > > Best Regards , > > > > > > > sami , > > > > > > > > > > > > > > > > > > > > > __________________________________________________ > > > > > > > Do You Yahoo!? > > > > > > > Make international calls for as low as $.04/minute with Yahoo! > > > >Messenger > > > > > > > http://phonecard.yahoo.com/ > > > > > ________________________ > > > > > > > > > > Priscilla Oppenheimer > > > > > http://www.priscilla.com > > > ________________________ > > > > > > Priscilla Oppenheimer > > > http://www.priscilla.com > ________________________ > > Priscilla Oppenheimer > http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=17363&t=17363 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
