Re: ISDN traffic acl definition

From: Venkataramanaiah.R (vramanaiah@gmail.com)
Date: Thu Oct 06 2005 - 05:52:49 GMT-3


Guess, the broadcast/multicast deny statements must appear before the icmp
deny statement to achieve the desired result. Without it, any icmp traffic
destined to a multicast/broadcast address would be allowed by the icmp
permit statement.

-Venkat

On 10/5/05, Arun Arumuganainar <aarumuga@hotmail.com> wrote:
>
> Just wondering!!! if there is any need to deny broadcast and multicast
> traffic.
>
> Please note: Deny any any is implicitly added to all ACLs. Therefore the
> following ACL can be interpreted as follows.
>
> acl 101 permit icmp any any
>
> This would mean permit all the ICMP traffic and deny all the other traffic
> including broadcast or multicast.
>
> This is my 2 cents.
>
> Thanks and Regards
> Arun
>
> ----- Original Message -----
> From: "mani poopal" <mani_ccie@yahoo.com>
> To: "Javier Tomi" <fjtm@tid.es>; "cscoitit cscoitit" <cscoitit@yahoo.ca>
> Cc: <ccielab@groupstudy.com>
> Sent: Wednesday, October 05, 2005 5:23 PM
> Subject: Re: ISDN traffic acl definition
>
>
> > Hi Javier,
> >
> > If you only allow ICMP, all other will be denied including multicast and
> > broadcast (I don't think you have to deny broadcast keyword from dialer
> > map). Once again, if you stop multicast and if the ISDN is running a
> > routing protocol (EIGRP, OSPF), how will there be a neighbor
> > relationship (unless you run dialer watch)?
> >
> > Mani
> >
> > Javier Tomi <fjtm@tid.es> wrote:
> > Your solution seems to me correct. Other approach could be to allow only
> > ICMP packets on the ACL and suppress the broadcast keyword on the
> > 'dialer map' statement (only if the solution is based on legacy ISDN).
> > Anyway this should be worse as the ISDN line will come up if ICMP
> > broadcast or multicast traffic is initiated from your router to the
> > other side.
> >
> > Any thoughts?
> >
> > Javi
> >
> > cscoitit cscoitit wrote:
> >
> > > Hi,
> > >
> > >I am doing a workbook question and it asks to allow icmp and deny
> > >broadcast and multicast. What is the correct solution?
> > >I'd like to confirm whether these accomplish the task.
> > >
> > >acl 101 permit icmp any any
> > >acl 101 deny ip any host 255.255.255.255
> > >acl 101 deny ip any 224.0.0.0 15.255.255.255
> > >
> > >HTH
> > >cscoitit
> > >
> > >
> > >
> > >_______________________________________________________________________
> > >Subscription information may be found at:
> > >http://www.groupstudy.com/list/CCIELab.html
> >
> > B.ENG,MCSE,CCNP,CCSP,CCIE#14645
> > (416)431 9929
> > MANI_CCIE@YAHOO.COM



This archive was generated by hypermail 2.1.4 : Sun Nov 06 2005 - 22:00:49 GMT-3
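
The first-match behaviour discussed in this thread, as an added example that is not part of any poster's message: a small Python model of ACL evaluation (first match wins, implicit deny at the end, Cisco wildcard masks) run over the posted ACL and a reordered copy. The function names and the packet list are constructed for illustration, and the model only handles the entry shape shown in the thread.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard match: bits set in the wildcard are 'don't care'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a & ~w & 0xFFFFFFFF) == (b & ~w & 0xFFFFFFFF)

def parse_dst(tokens):
    """Return (base, wildcard) for 'any', 'host A.B.C.D' or 'A.B.C.D W.X.Y.Z'."""
    if tokens[0] == "any":
        return "0.0.0.0", "255.255.255.255"
    if tokens[0] == "host":
        return tokens[1], "0.0.0.0"
    return tokens[0], tokens[1]

def evaluate(acl_lines, proto, dst):
    """First matching entry wins; no match falls through to the implicit deny."""
    for n, line in enumerate(acl_lines, 1):
        # Entry shape used in the thread: acl 101 <action> <proto> any <destination>
        _, _, action, entry_proto, _src, *dst_tokens = line.split()
        base, wildcard = parse_dst(dst_tokens)
        if entry_proto in ("ip", proto) and wildcard_match(dst, base, wildcard):
            return action, n
    return "deny", None  # implicit deny any any

# The ACL as posted in the thread (link debris removed)
POSTED = [
    "acl 101 permit icmp any any",
    "acl 101 deny ip any host 255.255.255.255",
    "acl 101 deny ip any 224.0.0.0 15.255.255.255",
]
REORDERED = POSTED[1:] + POSTED[:1]  # denies first, ICMP permit last

# Constructed sample packets: (protocol, destination)
PACKETS = [("icmp", "10.1.1.2"), ("icmp", "224.0.0.5"),
           ("icmp", "255.255.255.255"), ("ospf", "224.0.0.5"), ("tcp", "10.1.1.2")]

if __name__ == "__main__":
    for proto, dst in PACKETS:
        print(f"{proto:5} -> {dst:15}  posted={evaluate(POSTED, proto, dst)}"
              f"  reordered={evaluate(REORDERED, proto, dst)}")
```

With the posted order, the two deny entries only ever match non-ICMP traffic, which the implicit deny would have dropped anyway; they change the outcome for ICMP only once they precede the permit.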