Re: [OSL | CCIE_Security] outbound ACL

Sun, 24 Jun 2012 11:11:34 -0700 

In any case, it should be the PBR applied on the global configurion mode, that 
is the one that affects the router traffic...Or cControl plane....
 

Date: Sun, 24 Jun 2012 13:26:02 +0530
From: kingsley.char...@gmail.com
To: walleed...@hotmail.com
CC: ccie_security@onlinestudylist.com
Subject: Re: [OSL | CCIE_Security] outbound ACL

With PBR, it is routed from the loopback interface to the egress interface 
hence acl with process the traffic. 

But, if you ping sourced from loopback, it still considered as router self 
generated traffic

With regards


Kings

On Sun, Jun 24, 2012 at 1:02 PM, waleed ' <walleed...@hotmail.com> wrote:






why to use PBR , there is no difference if  I sourced my traffic from loopback :


R1-------R2



R1:  f0/0 10.0.0.1   lo0 1.1.1.1 
R2: f0/0  10.0.0.2   lo0 2.2.2.2


and there is outbound access-list on R2: f0/0   and if I use access-list 120 
deny ip any any as outbound on R2 f0/0 , I can ping from the R2 to R1 using lo0 
as source . so can you please clarify the work of PBR here ? 



regards

Date: Sun, 24 Jun 2012 12:57:45 +0530
Subject: Re: [OSL | CCIE_Security] outbound ACL
From: kingsley.char...@gmail.com


To: walleed...@hotmail.com
CC: ccie_security@onlinestudylist.com


Use local PBR and a loopback intf should do the trick.

With regards
Kings

On Sun, Jun 24, 2012 at 12:41 PM, waleed ' <walleed...@hotmail.com> wrote:







is there  way  to make  interface outbound access-list  affect router traffic ? 
                                          

_______________________________________________

For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com



Are you a CCNP or CCIE and looking for a job? Check out 
www.PlatinumPlacement.com

                                          



_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

Are you a CCNP or CCIE and looking for a job? Check out 
www.PlatinumPlacement.com                                         
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

Are you a CCNP or CCIE and looking for a job? Check out 
www.PlatinumPlacement.com

Reply via email to