Q about AccessList?
Dowima (Inactive Imported Users, Posts: 40) in CCNA & CCENT
Good day everyone,
I have configured the following:
deny icmp host 192.168.1.2 10.1.1.0 0.0.0.255 log
deny tcp host 192.168.1.2 172.16.10.0 0.0.0.255 eq telnet log
permit ip any any
and applied it inbound on an interface!
When I ping from 192.168.1.2 to 10.1.1.1 I get a log message from the router!
But when I ping the same address again I get nothing. If I ping another IP in the same segment I get a message only once.
Unlike Telnet, where I get a message every time I try to connect to any box in that segment?!
CCIE, I'll get you.
Comments
Netstudent (Member, Posts: 1,693): Try waiting 5 minutes and ping that same host again, or see if the log message appears after 5 min. It might log the instance. I think there is a time interval on subsequent ACL hits. This might be on standard access-lists only though. Worth a try just to see.
There is no place like 127.0.0.1 BUT 209.62.5.3 is my 127.0.0.1 away from 127.0.0.1!
Dowima (Inactive Imported Users, Posts: 40): Once I get home I'll do it!!!!
But what about telnet? Every time I try to telnet I get a msg?
CCIE, I'll get you.
Netstudent (Member, Posts: 1,693): Yeah, that's the part that has me unsure about the time interval. Maybe some ACL gurus can chime in.
There is no place like 127.0.0.1 BUT 209.62.5.3 is my 127.0.0.1 away from 127.0.0.1!
Dowima (Inactive Imported Users, Posts: 40): I waited 5 and 10 min and nothing happened!!!
CCIE, I'll get you.
dtlokee (Member, Posts: 2,378): Two things that can be affecting your log messages: log summarization, which will only create a message for the first packet, then 1 message for the packets that match the access-list over the summarization period (5 mins); the other would be fast switching/CEF, which will switch the frames without comparing them to the ACL because the first frame matched, so subsequent ones will also match.
The only easy day was yesterday!
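To make the log-summarization behaviour dtlokee describes concrete, here is an added Python model that is not part of the thread and not Cisco code. It parses the three ACL lines from the question, matches packets with IOS-style wildcard masks, and logs the first hit of a flow immediately while holding further hits until a 5-minute summary. The 5-minute interval comes from the thread; keying the summary on the full 5-tuple (so each new Telnet connection, with its new source port, counts as a new flow) is a modelling assumption, and the CEF point is not modelled at all. Timestamps and addresses in the simulation are constructed.

```python
from __future__ import annotations

import ipaddress
from dataclasses import dataclass
from typing import Optional

SUMMARY_INTERVAL = 300  # seconds: summary of further hits every 5 minutes (from the thread)
PORT_NAMES = {"telnet": 23, "ssh": 22, "www": 80}


@dataclass
class Ace:
    """One access-control entry: addresses as ints, wildcards as IOS-style masks."""
    action: str
    proto: str
    src: int
    src_wc: int
    dst: int
    dst_wc: int
    dport: Optional[int]
    log: bool


@dataclass
class Packet:
    proto: str
    src: str
    dst: str
    sport: int = 0
    dport: int = 0


def _parse_addr(tokens: list) -> tuple:
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D W.W.W.W' from the front of tokens."""
    tok = tokens.pop(0)
    if tok == "any":
        return 0, 0xFFFFFFFF
    if tok == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(tok)), int(ipaddress.IPv4Address(tokens.pop(0)))


def parse_ace(line: str) -> Ace:
    """Parse an extended-ACL line in the syntax used in the question."""
    tokens = line.split()
    action, proto = tokens.pop(0), tokens.pop(0)
    src, src_wc = _parse_addr(tokens)
    dst, dst_wc = _parse_addr(tokens)
    dport = None
    if tokens and tokens[0] == "eq":
        tokens.pop(0)
        name = tokens.pop(0)
        dport = PORT_NAMES.get(name) or int(name)
    log = bool(tokens) and tokens[0] == "log"
    return Ace(action, proto, src, src_wc, dst, dst_wc, dport, log)


def wildcard_match(value: int, addr: int, wildcard: int) -> bool:
    """Wildcard bits set to 1 are 'don't care'; every 0 bit must match exactly."""
    return ((value ^ addr) & ~wildcard & 0xFFFFFFFF) == 0


class Acl:
    def __init__(self, lines):
        self.aces = [parse_ace(line) for line in lines]
        self.logs = []
        self._pending = {}  # flow key -> [interval start, unreported hit count]

    def _matches(self, ace: Ace, pkt: Packet) -> bool:
        if ace.proto != "ip" and ace.proto != pkt.proto:
            return False
        if not wildcard_match(int(ipaddress.IPv4Address(pkt.src)), ace.src, ace.src_wc):
            return False
        if not wildcard_match(int(ipaddress.IPv4Address(pkt.dst)), ace.dst, ace.dst_wc):
            return False
        return ace.dport is None or ace.dport == pkt.dport

    def check(self, pkt: Packet, now: int) -> str:
        """Return 'permit' or 'deny' for pkt; first match wins, hits on 'log' entries are recorded."""
        self.flush(now)
        for ace in self.aces:
            if self._matches(ace, pkt):
                if ace.log:
                    self._log_hit(ace, pkt, now)
                return ace.action
        return "deny"  # implicit deny at the end of every IOS ACL

    def _log_hit(self, ace: Ace, pkt: Packet, now: int) -> None:
        key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)  # assumption: 5-tuple key
        state = self._pending.get(key)
        if state is None:  # first packet of a flow is logged at once
            self.logs.append(f"t={now}: list {ace.action} {pkt.proto} {pkt.src} -> {pkt.dst}, 1 packet")
            self._pending[key] = [now, 0]
        else:  # later packets stay silent until the interval ends
            state[1] += 1

    def flush(self, now: int) -> None:
        """Emit one summary line per flow whose summarization interval has elapsed."""
        for key, (start, count) in list(self._pending.items()):
            if now - start >= SUMMARY_INTERVAL:
                if count:
                    self.logs.append(f"t={now}: {key[0]} {key[1]} -> {key[3]}, {count} packets")
                del self._pending[key]


def simulate():
    """Replay the question's scenario on constructed timestamps; returns the log lines."""
    acl = Acl([
        "deny icmp host 192.168.1.2 10.1.1.0 0.0.0.255 log",
        "deny tcp host 192.168.1.2 172.16.10.0 0.0.0.255 eq telnet log",
        "permit ip any any",
    ])
    ping = lambda dst: Packet("icmp", "192.168.1.2", dst)
    telnet = lambda sport: Packet("tcp", "192.168.1.2", "172.16.10.5", sport, 23)
    events = [(0, ping("10.1.1.1")), (10, ping("10.1.1.1")), (20, ping("10.1.1.1")),
              (30, ping("10.1.1.5")), (40, telnet(50001)), (50, telnet(50002)),
              (400, ping("10.1.1.1"))]
    for t, pkt in events:
        acl.check(pkt, t)
    return acl.logs
```

Running `simulate()` gives one line for the first ping to 10.1.1.1, none for the two repeats, one for 10.1.1.5, one per Telnet attempt, then at t=400 a "2 packets" summary for the first flow followed by a fresh first-packet line. Whether the real router keys its summary on the source port is something to confirm against the IOS documentation for your release; the model only shows why a per-flow timer would produce exactly the pattern the question reports.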