so if we make cbac policy and configured to affect router traffic , and applied it inbound on the interface it will not affect the traffic sourced from the loopback (if we do not use PBR) right ? because it is not affected by the acl ? regards
Date: Sun, 24 Jun 2012 13:26:02 +0530 Subject: Re: [OSL | CCIE_Security] outbound ACL From: [email protected] To: [email protected] CC: [email protected] With PBR, it is routed from the loopback interface to the egress interface hence acl with process the traffic. But, if you ping sourced from loopback, it still considered as router self generated traffic With regards Kings On Sun, Jun 24, 2012 at 1:02 PM, waleed ' <[email protected]> wrote: why to use PBR , there is no difference if I sourced my traffic from loopback : R1-------R2 R1: f0/0 10.0.0.1 lo0 1.1.1.1 R2: f0/0 10.0.0.2 lo0 2.2.2.2 and there is outbound access-list on R2: f0/0 and if I use access-list 120 deny ip any any as outbound on R2 f0/0 , I can ping from the R2 to R1 using lo0 as source . so can you please clarify the work of PBR here ? regards Date: Sun, 24 Jun 2012 12:57:45 +0530 Subject: Re: [OSL | CCIE_Security] outbound ACL From: [email protected] To: [email protected] CC: [email protected] Use local PBR and a loopback intf should do the trick. With regards Kings On Sun, Jun 24, 2012 at 12:41 PM, waleed ' <[email protected]> wrote: is there way to make interface outbound access-list affect router traffic ? _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
