Router ping Commands Bypass Outgoing ACL Logic

When you issue the ping command on the router, you must keep in mind a quirk of how Cisco IOS works: routers do not filter packets they create themselves. For example, imagine that a user connects to R1’s CLI using SSH and then issues a ping command for S1. The packets flow from R1 to S1 and back again. However, R1, having created the ICMP Echo Request messages, bypasses its own outgoing ACL logic for ACL A. The idea is that a user on R1 would not intend to filter the router’s own packets, so R1 chooses not to filter the packets created by the ping command issued on R1.
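The following Python model is an added example, not taken from the book. It evaluates an outgoing ACL with first-match logic and an implicit deny, and skips that evaluation for packets the router itself creates, as described above. The ACL entries, the IP addresses, and all function names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Ace:
    action: str        # "permit" or "deny"
    proto: str         # "ip" matches every protocol
    src: str           # address, or "any"
    src_wc: str        # IOS wildcard mask: 1-bits are "don't care"
    dst: str
    dst_wc: str

def _match(addr, base, wildcard):
    if base == "any":
        return True
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == \
           (int(ipaddress.IPv4Address(base)) & care)

def acl_permits(acl, proto, src, dst):
    """First matching entry decides; no match means implicit deny."""
    for ace in acl:
        if (ace.proto in ("ip", proto)
                and _match(src, ace.src, ace.src_wc)
                and _match(dst, ace.dst, ace.dst_wc)):
            return ace.action == "permit"
    return False

def egress_decision(acl, proto, src, dst, locally_generated):
    """Outbound check on the interface where the ACL is applied."""
    if locally_generated:
        # Packets the router creates (e.g. ping from its CLI) skip the ACL.
        return "sent, outgoing ACL not consulted"
    if acl_permits(acl, proto, src, dst):
        return "sent, permitted by outgoing ACL"
    return "dropped by outgoing ACL"

# Constructed stand-in for "ACL A": block ICMP to S1, allow everything else.
S1 = "10.2.2.10"       # constructed address for server S1
HOST_A = "10.1.1.1"    # constructed host whose traffic transits R1
R1_OUT = "10.2.2.1"    # constructed address of R1's outgoing interface
ACL_A = [
    Ace("deny", "icmp", "any", "0.0.0.0", S1, "0.0.0.0"),
    Ace("permit", "ip", "any", "0.0.0.0", "any", "0.0.0.0"),
]

if __name__ == "__main__":
    print("Host A -> S1:", egress_decision(ACL_A, "icmp", HOST_A, S1, False))
    print("R1 CLI -> S1:", egress_decision(ACL_A, "icmp", R1_OUT, S1, True))
```

In this model, a successful ping from R1's CLI says nothing about whether ACL A would pass the same traffic from a host behind the router.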

Figure B-10 summarizes these ideas. Router R1 pings server S1. ACL A still exists as an outgoing ACL on Router R1. However, ...
