  • Content created by Rene Molenaar (CCIE #41726)



Forum Replies

  1. Hi all, I labbed up transparent bridging. R1 is able to ping R3 etc. and everything seems to be working; however, when I apply the access-list to the interface fa 0/1 of R2, it seems like it never gets a hit. Traffic continues to flow, there’s no dropping of traffic. Any idea why???

  2. So from what I can tell, when the traffic comes back from R3, R2 only looks at the layer 2 information. Since R2 knows the frame is destined for the MAC address, it switches the frame at layer 2. In other words, the ACL is never checked. So how Rene did this lab is a mystery to me…
    I’m doing the lab in GNS3 using Cisco IOS Software, 3700 Software (C3725-ADVENTERPRISEK9-M), Version 12.4(25)

  3. Hello Kam

    Pinging from R1 to R3 will work whether you have the access list applied to Fa0/1 or not, as the access list will allow traffic from R1 to R3 as well as responding traffic. Try pinging from R3 to R1 to see if the access list is blocking.

    Now it is true that the access list is applied to a layer 2 interface; however, access lists that are configured to inspect TCP, UDP and ICMP, as is the case here, will also check higher-level protocols to determine if a frame can be forwarded or should be dropped.

    Let us know of your results and if need be, we can hel


  4. Hi Lagapides

    According to the wording “This means that R1 and R3 will be in the same layer 2 domain.”, it means that if a broadcast storm happens from R1 then it affects R3, right?
    If yes, how do we limit the broadcast storm?
    Can we configure storm-control broadcast level as on a Cisco switch?

  5. Hi aujla3,

    I labbed it up and I too noticed that access list R3-TO-R1 is not hit. CBAC also shows no traffic.
    On R2:

    interface FastEthernet0/0
     no ip address
     ip inspect CBAC in
    
    interface FastEthernet0/1
     no ip address
     ip access-group R3-TO-R1 in
    
    ip access-list extended R3-TO-R1
     deny   ip any any
    
    ip inspect name CBAC tcp
    ip inspect name CBAC udp
    ip inspect name CBAC icmp
    
    R3#ping 192.168.13.1
    
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 192.168.13.1, timeout is 2 seconds:
    !!!!!
    
    R2#show access-list R3-TO-R1
    Extended IP access list R3-TO-R1
        10
