Outing ACLs and ping
I have a question regarding issuing troubleshooting commands from a route and outgoing ACLs
Why does the ping traffic still make it out the interface?
@Douglas-Stanley said in Outing ACLs and ping:
I have a question regarding issuing troubleshooting commands from a route and outgoing ACLs
- I set an outgoing ACL on a router's interface that blocks all traffic
- I then connect to the router and use a ping command (or similar troubleshooting command) to an address that lies out the interface I just applied the ACL to.
- The ping succeeds even though I have set the ACL that blocks all outbound traffic
Why does the ping traffic still make it out the interface?
Great Question! The answer lies in your step 2. You connect to the router to issue a ping. The most unusual nature of ACLs is that they work on traffic going THROUGH the router but not necessarily traffic FROM the router. So it's the source that is at issue with your situation. I suggest you try sending the ping from a machine plugged into the router that sends traffic THROUGH the router. I believe this will solve your issue.
If that doesn't work, please copy and paste router config section with the ACL and we'll try to troubleshoot it. Thanks for being a member!
With no further posting on this topic, I have marked this as being answered.
