From: John Matus (jmatus@pacbell.net)
Date: Tue Jun 21 2005 - 00:55:55 GMT-3
being a philosphy major in college <wonders that did for my marketability>,
i really despize socratic method/dialogue!!! :-p
it would be great if we all had labs to just "test stuff out on" hehehe
Regards,
John D. Matus
MCSE, CCNP
Office: 818-782-2061
Cell: 818-430-8372
jmatus@pacbell.net
----- Original Message -----
From: "Brian Dennis" <bdennis@internetworkexpert.com>
To: "ccie2be" <ccie2be@nyc.rr.com>; "Group Study" <ccielab@groupstudy.com>
Sent: Monday, June 20, 2005 3:37 PM
Subject: RE: icmp - time-exceeded vs ttl-exceeded
> Tim,
> Did you think about trying the options out?
>
> Brian Dennis, CCIE #2210 (R&S/ISP-Dial/Security)
> bdennis@internetworkexpert.com
>
> Internetwork Expert, Inc.
> http://www.InternetworkExpert.com
> Toll Free: 877-224-8987
> Direct: 775-745-6404 (Outside the US and Canada)
>
> -----Original Message-----
> From: ccie2be [mailto:ccie2be@nyc.rr.com]
> Sent: Monday, June 20, 2005 3:25 PM
> To: Brian Dennis; 'Group Study'
> Subject: RE: icmp - time-exceeded vs ttl-exceeded
>
> Hi Brian,
>
> As you suggested I did look through the archives and found some
> interesting
> things that refreshed my memory about reflexive acl's and Traceroute in
> general.
>
> But, none of the posts I could find talked about the difference between
> time-exceeded vs ttl-exceeded.
>
> I accept the fact that I need to permit time-exceeded to fulfill the
> tasks
> in IE lab 2 and 3, but I'm still curious as to the difference between
> these
> 2 icmp options.
>
> My hope is that if I really knew the difference, it would be easier to
> remember which one to use under the pressure of the lab.
>
> Thanks, Tim
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Brian Dennis
> Sent: Monday, June 20, 2005 5:31 PM
> To: ccie2be; Group Study
> Subject: RE: icmp - time-exceede vs ttl-exceeded
>
> Tim,
> You should search the archive as there was a long discussion on
> this topic about a year ago. Also as far as using the traceroute option
> for the ICMP type, if you understand how traceroute works you'll know
> why you don't use it.
>
> Brian Dennis, CCIE #2210 (R&S/ISP-Dial/Security)
> bdennis@internetworkexpert.com
>
> Internetwork Expert, Inc.
> http://www.InternetworkExpert.com
> Toll Free: 877-224-8987
> Direct: 775-745-6404 (Outside the US and Canada)
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> ccie2be
> Sent: Monday, June 20, 2005 2:02 PM
> To: Group Study
> Subject: icmp - time-exceede vs ttl-exceeded
>
> Hi guys,
>
> Let's assume I want to configure a reflexive acl which allows Traceroute
> packets back in.
>
> I'm trying to make sure I select the correct icmp type packet to allow
> back-in. But, when I do the following I see lots of options.
>
> R5(config)#access-list 101 perm icmp any any ?
> <0-255> ICMP message type
> administratively-prohibited Administratively prohibited
> alternate-address Alternate address
> conversion-error Datagram conversion
> dod-host-prohibited Host prohibited
> dod-net-prohibited Net prohibited
> dscp Match packets with given dscp value
> echo Echo (ping)
> echo-reply Echo reply
> fragments Check non-initial fragments
> general-parameter-problem Parameter problem
> host-isolated Host isolated
> host-precedence-unreachable Host unreachable for precedence
> host-redirect Host redirect
> host-tos-redirect Host redirect for TOS
> host-tos-unreachable Host unreachable for TOS
> host-unknown Host unknown
> host-unreachable Host unreachable
> information-reply Information replies
> information-request Information requests
> log Log matches against this entry
> log-input Log matches against this entry, including
> input
> interface
> mask-reply Mask replies
> mask-request Mask requests
> mobile-redirect Mobile host redirect
> net-redirect Network redirect
> net-tos-redirect Net redirect for TOS
> net-tos-unreachable Network unreachable for TOS
> net-unreachable Net unreachable
> network-unknown Network unknown
> no-room-for-option Parameter required but no room
> option-missing Parameter required but not present
> packet-too-big Fragmentation needed and DF set
> parameter-problem All parameter problems
> port-unreachable Port unreachable
> precedence Match packets with given precedence value
> precedence-unreachable Precedence cutoff
> protocol-unreachable Protocol unreachable
> reassembly-timeout Reassembly timeout
> redirect All redirects
> router-advertisement Router discovery advertisements
> router-solicitation Router discovery solicitations
> source-quench Source quenches
> source-route-failed Source route failed
>
>
> time-exceeded All time exceededs <-----
> **************
>
>
> time-range Specify a time-range
> timestamp-reply Timestamp replies
> timestamp-request Timestamp requests
> tos Match packets with given TOS value
>
>
> traceroute Traceroute
> <-----------#############
>
>
> ttl-exceeded TTL exceeded
> <-------------*****************
>
>
>
> unreachable All unreachables
> <cr>
>
>
> Notice how similar the 2 "starred" options look. What's the difference
> between these 2 options?
>
> Also, if I need to allow Traceroute back-in, why wouldn't I use the
> traceroute option?
>
> TIA, Tim
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Wed Jul 06 2005 - 14:43:42 GMT-3