@Douglas-Stanley said in Outing ACLs and ping:
I have a question regarding issuing troubleshooting commands from a router and outgoing ACLs.
- I set an outgoing ACL on a router's interface that blocks all traffic
- I then connect to the router and use a ping command (or similar troubleshooting command) to an address that lies out the interface I just applied the ACL to.
- The ping succeeds even though I have set the ACL that blocks all outbound traffic
Why does the ping traffic still make it out the interface?
Great Question! The answer lies in your step 2. You connect to the router to issue a ping. The most unusual nature of ACLs is that they work on traffic going THROUGH the router but not necessarily traffic FROM the router. So it's the source that is at issue with your situation. I suggest you try sending the ping from a machine plugged into the router that sends traffic THROUGH the router. I believe this will solve your issue.
If that doesn't work, please copy and paste the router config section with the ACL and we'll try to troubleshoot it. Thanks for being a member!
Cordially,
Ronnie Wong
Edutainer, ITProTV
*if the post above has answered the question, please mark the topic as solved.
**All "answers" and responses are offered "as is" and my opinion. There is no implied support or guarantee by the ITProTV team.
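
The behavior described in the answer above, as an added lab example that is not part of the original posts. It assumes Cisco IOS syntax; the topology, interface names, addresses and the ACL name BLOCK-ALL-OUT are constructed for illustration.

```cisco
! Constructed lab topology (all names and addresses are assumptions):
!   HostA 192.168.1.10 --- Gi0/0 [R1] Gi0/1 10.0.0.1 --- 10.0.0.2 R2
!
ip access-list extended BLOCK-ALL-OUT
 deny ip any any log
!
interface GigabitEthernet0/1
 ip address 10.0.0.1 255.255.255.0
 ip access-group BLOCK-ALL-OUT out
!
! Test 1, from the R1 CLI: the echo request is generated by R1 itself,
! so the outbound ACL on Gi0/1 is not evaluated for it and the ping succeeds.
!   R1# ping 10.0.0.2
!
! Test 2, from HostA: the packet is routed THROUGH R1 (in Gi0/0, out Gi0/1),
! so the outbound ACL is evaluated and the packet is dropped.
!   HostA> ping 10.0.0.2
!
! Confirm the ACL is bound outbound on the interface, then check the
! match counter on the deny entry: it should increase only after Test 2.
!   R1# show ip interface GigabitEthernet0/1
!   R1# show access-lists BLOCK-ALL-OUT
!
! Reset the counters between tests so each result is unambiguous.
!   R1# clear access-list counters BLOCK-ALL-OUT
```

When validating a filtering rule, treat the counter from a transit host as the evidence; a successful ping from the router's own CLI says nothing about whether the outbound ACL is working.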