[c-nsp] Prevent traffic originated from the router using access-list

Ozgur Guler ozgur11 at gmail.com
Wed Jun 27 08:22:15 EDT 2007


It works.
Just try it in the lab ...



On 6/27/07, Jeff Tantsura <jeff.tantsura at sscplus.nl > wrote:
>
> Hi,
>
> It's not going to work; you'd only match on transit traffic. In order to
> match on locally generated traffic you should use local PBR, i.e.:
> ip local policy route-map BLAH
>
> Jeff
>
> > -----Original Message-----
> > From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-
> > bounces at puck.nether.net] On Behalf Of Ozgur Guler
> > Sent: Wednesday 27 June 2007 13:55
> > To: Vikas Sharma
> > Cc: cisco-nsp at puck.nether.net
> > Subject: Re: [c-nsp] Prevent traffic originated from the router
> > usingaccess-list
> >
> > You can drop the relevant traffic with a simple policy-map by applying it
> > to an outgoing interface ...
> >
> > R2#sh policy-map
> >   Policy Map X
> >     Class x
> >       drop
> >     Class class-default
> >
> >
> > On 6/27/07, Vikas Sharma < vikassharmas at gmail.com> wrote:
> > >
> > > Hi,
> > >
> > > > How can I stop traffic originated from the local router, e.g. from the
> > > > loopback interface of the router, from going anywhere?
> > > >
> > > > I tried with an ACL but it permits the traffic, as an access-list only
> > > > stops traffic passing through the router, not traffic originated from
> > > > the router.
> > >
> > > =========
> > > access-list 101 deny ip host 192.168.5.254 any
> > > > access-list 101 permit ip any any
> > >
> > > ip access-group 101 out
> > > =========
> > >
> > > > Using the below conf I am able to achieve the objective. In that I have
> > > > changed the source and destination. That's correct.
> > > >
> > > > But I wanted to know: can I achieve the same result using the source as
> > > > loopback?
> > >
> > > working conf -
> > > ===========
> > > access-list 102 deny ip any host 192.168.5.254
> > > access-list 102 permit ip any any
> > >
> > > ip access-group 102 in
> > > ==============
> > >
> > >
> > >
> > > > Thanks
> > > Vikas Sharma
> > > _______________________________________________
> > > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > > archive at http://puck.nether.net/pipermail/cisco-nsp/
> > >
>
>
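
Added example, not part of the original thread or written by any of its posters: the two approaches discussed above as full IOS configuration for the loopback address 192.168.5.254 from the original question. ACL number 110, the match statement inside class-map x and the interface FastEthernet0/0 are assumptions; the thread shows only the route-map name BLAH and the "sh policy-map" output.

```cisco
! Constructed example. 192.168.5.254 is the loopback address from the thread.
! ACL 110, the class-map match and FastEthernet0/0 are assumed for illustration.
!
! Select the packets to drop: anything sourced from the loopback address.
access-list 110 permit ip host 192.168.5.254 any
!
! --- Approach 1: local PBR, as suggested in Jeff's reply -----------------
! "ip local policy" applies the route-map to packets the router itself
! generates; transit traffic is not affected by it.
route-map BLAH permit 10
 match ip address 110
 set interface Null0
!
ip local policy route-map BLAH
!
! Caveat: this discards everything the router originates from that source,
! including routing-protocol, SNMP, syslog or SSH/telnet sessions that are
! sourced from the loopback. Tighten ACL 110 (protocol, destination) if only
! part of that traffic should be dropped.
!
! --- Approach 2: MQC drop on egress, as suggested in Ozgur's reply -------
! Matches the "sh policy-map" output quoted in the thread (Policy Map X,
! Class x, drop). The thread disagrees on whether this catches locally
! generated packets, so confirm with the class counters on your platform.
class-map match-all x
 match access-group 110
!
policy-map X
 class x
  drop
!
interface FastEthernet0/0
 service-policy output X
```

To check either approach in a lab, send a ping sourced from the loopback and then look at the match counters in "show route-map BLAH" or "show policy-map interface FastEthernet0/0".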

