[c-nsp] IP Access-group question

Thanh_Mai at 3com.com Thanh_Mai at 3com.com
Wed Oct 25 09:21:44 EDT 2006





Is there a special reason why applying an extended access-list out an
ethernet interface to "deny ip any any"does not deny traffic originated
from that router(that interface or any other interface as in an ping
sourced from another local interface. But it does deny traffic passing
through the router out that interface as it should. I'm puzzled by this
phenomenon. I must have slept through reading this special case or
something. Can anyone shed some light into this for me?
Thanks.
-Thanh



More information about the cisco-nsp mailing list