Hi,

On Thu, Jan 07, 2010 at 12:02:48PM +1100, Andy Saykao wrote:
> I have what seems like a trivial problem but can't figure out what's
> causing it.
>
> I am trying to SSH from Host A (210.15.210.x) to Host B (203.12.53.x).
> Host B is in VLAN2 and there's an ACL on VLAN2 that denies external IPs
> from accessing it.
>
> What I'm finding is that when I apply the ACL (VLAN2-FILTER-OUT) to
> VLAN2, it takes a very long time for the SSH login prompt to appear. If
> I remove the ACL on VLAN2, the SSH prompt is instantaneous. What's going
> on with my ACL??? Why the lag for the SSH prompt to appear?

Seems you've killed DNS from Host B.

Rule #1 with ACLs: if you can't figure out why it's affecting stuff, put
a "deny ip any any log" at the end, and look at the log to see what is
being dropped.

gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany [email protected]
fax: +49-89-35655025 [email protected]
_______________________________________________
cisco-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
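Added example, not part of the original message: one way to read the output of a trailing "deny ip any any log" entry is to total the denied packets per protocol and service port, so that dropped DNS replies stand out. The log lines are constructed in the IOS %SEC-6-IPACCESSLOGP format, the addresses are documentation ranges rather than the hosts in the thread, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample syslog lines (IOS %SEC-6-IPACCESSLOGP format).
# Addresses are documentation ranges, not the hosts from the thread.
SAMPLE_LOG = """\
Jan  7 12:10:01: %SEC-6-IPACCESSLOGP: list VLAN2-FILTER-OUT denied udp 198.51.100.53(53) -> 192.0.2.10(33012), 1 packet
Jan  7 12:10:06: %SEC-6-IPACCESSLOGP: list VLAN2-FILTER-OUT denied udp 198.51.100.53(53) -> 192.0.2.10(33012), 1 packet
Jan  7 12:10:11: %SEC-6-IPACCESSLOGP: list VLAN2-FILTER-OUT denied udp 198.51.100.54(53) -> 192.0.2.10(41877), 2 packets
Jan  7 12:11:40: %SEC-6-IPACCESSLOGP: list VLAN2-FILTER-OUT denied tcp 203.0.113.7(51515) -> 192.0.2.10(23), 1 packet
Jan  7 12:12:02: %LINK-3-UPDOWN: Interface Vlan2, changed state to up
"""

LOG_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) denied (?P<proto>\w+) "
    r"(?P<src>[\d.]+)\((?P<sport>\d+)\) -> (?P<dst>[\d.]+)\((?P<dport>\d+)\), "
    r"(?P<count>\d+) packets?"
)

def summarize_denies(log_text, acl_name):
    """Total denied packets per (protocol, service port, direction)."""
    totals = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m or m["acl"] != acl_name:
            continue  # unrelated syslog line or a different ACL
        sport, dport = int(m["sport"]), int(m["dport"])
        if sport < 1024 <= dport:
            # Well-known source port, ephemeral destination: a server's reply.
            key = (m["proto"], sport, "reply")
        else:
            key = (m["proto"], dport, "request")
        totals[key] += int(m["count"])
    return totals

def dns_replies_dropped(totals):
    """Packets denied that look like DNS answers (source port 53)."""
    return totals[("udp", 53, "reply")] + totals[("tcp", 53, "reply")]

if __name__ == "__main__":
    totals = summarize_denies(SAMPLE_LOG, "VLAN2-FILTER-OUT")
    for (proto, port, kind), n in totals.most_common():
        print(f"{n:4d} packets denied: {proto}/{port} ({kind})")
    print("DNS replies dropped:", dns_replies_dropped(totals))
```
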
