Q about AccessList?

Dowima · August 2007

Good day everyone ,
I have configured the followings :
deny icmp host 192.168.1.2 10.1.1.0 0.0.0.255 log
deny tcp host 192.168.1.2 172.16.10.0 0.0.0.255 eq telnet log
permit ip any any

And apply it inbound on an interface!
when i ping from 192.168.1.2 to 10.1.1.1 i got a log msg from the router!
But when i ping the same address again I got nothing. if i ping another ip in the same segment i got a msg only once.
Unlike Telnet i got a msg everytime i try to connect to any Box in that segment?!

Netstudent · August 2007

try waiting 5 minutes and ping that same host again or see if the log message appears after 5min. It might log the instance. I think there is a time interval on subsequent ACL hits. This might be on standard access-lists only though. Worth a try just to see.

Dowima · August 2007

Once I got home I'll do it!!!!
But what about telnet ? everytime i try to telnet i got a msg ?

Netstudent · August 2007

Ya thats the part that has me unsure about the time interval. Maybe some ACL gurus can chime in.

Dowima · September 2007

I waited 5 and 10 min and nothing happened !!!

dtlokee · September 2007

Two things taht can be affecting your log messages, log summarization which will only create a message for the first packet, then 1 message for the packets that match access-list over the summarization period (5 mins), the other would be fast switching/CEF which will switch the frames without comparing them to the ACL because the first frame matched so subsequent ones will also match.

Q about AccessList?

Comments