Re: Extended ACL to permit GRE traffic.. from karim jamali on 2010-03-01 (Ccielab archives 03/2010)

From: karim jamali <karim.jamali_at_gmail.com>
Date: Mon, 1 Mar 2010 11:23:58 +0300

Hi Jitendra,

The fact is that GRE is IP Protocol 47, thus by allowing IP you are allowing
all the subsets one of which is GRE, another is OSPF/EIGRP...etc

Best Regards,

Best Regards,
On Mon, Mar 1, 2010 at 11:15 AM, Jitendra Anbu
<Jitendra.Anbu_at_optus.com.au>wrote:

> Great example - thanks.
>
> Jit
> ________________________________
> From: ccie study [cciestudy_at_hotmail.com]
> Sent: Monday, 1 March 2010 2:16 PM
> To: Jitendra Anbu; ccielab_at_groupstudy.com
> Subject: RE: Extended ACL to permit GRE traffic..
>
> Yes IP will permit it. Using GRE will make sure that you only restrict this
> to
> GRE vs other IP related protocols such as UDP or TCP ports which your first
> ACL allows through.
>
> You can always test! ex: create ACL and watch your counters:
>
> permit ip host x host y log
> permit gre host x host x log
> permit ip any any
>
> reverse it to validate...
>
> permit gre host x host x log
> permit ip host x host y log
> permit ip any any log
>
>
> -J
>
> > From: Jitendra.Anbu_at_optus.com.au
> > To: ccielab_at_groupstudy.com
> > Date: Mon, 1 Mar 2010 13:49:11 +1100
> > Subject: Extended ACL to permit GRE traffic..
> >
> > Hi All,
> >
> > If you create a Extended ACL as;
> >
> > ip access-list extended TUNNEL
> > permit ip host 203.208.174.93 host 85.115.65.7
> >
> > Would this permit GRE traffic - for example?
> >
> > OR
> >
> > do I need this to permit GRE;
> >
> > ip access-list extended TUNNEL
> > permit gre host 203.208.174.93 host 85.115.65.7
> >
> > Thank you.
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
> >
> >
> >
> >
> >
> >
>
> ________________________________
> Hotmail: Free, trusted and rich email service. Get it
> now.<http://clk.atdmt.com/GBL/go/201469228/direct/01/>
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
>

-- 
KJ
Blogs and organic groups at http://www.ccie.net

Received on Mon Mar 01 2010 - 11:23:58 ART

This archive was generated by hypermail 2.2.0 : Thu Apr 01 2010 - 07:26:34 ART