Re: ISDN traffic acl definition

From: Arun Arumuganainar (aarumuga@hotmail.com)
Date: Wed Oct 05 2005 - 09:34:55 GMT-3

• Next message: Christopher M. Heffner: "RE: DLSW Switch redundancy ?"
• Previous message: mani poopal: "Re: ISDN traffic acl definition"
• Maybe in reply to: cscoitit cscoitit: "ISDN traffic acl definition"
• Next in thread: Javier Tomé: "Re: ISDN traffic acl definition"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Just wondering !!! if there is any need to deny broadcast and multicast
traffic .

Pls. note : Deny any any is implicitly added to all ACLs. There the
following ACL can be interpreted as follows .

acl 101 permit icmp any any

This would mean permit all the ICMP traffic and deny all the other traffic
including broadcast or Multicast .

This is my 2 cents .

Thanks and Regards
Arun

----- Original Message -----
From: "mani poopal" <mani_ccie@yahoo.com>
To: "Javier Tomi" <fjtm@tid.es>; "cscoitit cscoitit" <cscoitit@yahoo.ca>
Cc: <ccielab@groupstudy.com>
Sent: Wednesday, October 05, 2005 5:23 PM
Subject: Re: ISDN traffic acl definition

> Hi Javier,
>
> If you only allow ICMP all other will be denied including multicast and
braodcast(I don't think you have to deny broadcast keyword from dialer
map). Once again if you stop multicast and if the ISDN is runoning a
routing protocol(EIGRP, OSPF) how there will be neighbor relation
ship(unless you run dialer watch)
>
> Mani
>
> Javier Tomi <fjtm@tid.es> wrote:
> Your solution seems to me correct. Other approach could be to allow only
> ICMP packets on the ACL and suppress the broadcast keyword on the
> 'dialer map' statement (only if the solution is based on legacy ISDN).
> Anyway this should be worse as the ISDN line will bring up if ICMP
> broadcast or multicast traffic is initiated from your router to the
> other side.
>
> Any thoughts?
>
> Javi
>
> cscoitit cscoitit wrote:
>
> > Hi,
> >
> >I am doing a workbook question and it asks to allow icmp and deny
broadcast and multicast. what is the correct solution.
> >I like to confirm whether these accomplishes the task.
> >
> >acl 101 permit icmp any any
> >acl 101 deny ip any host 255.255.255.255
> >acl 101 deny ip any 224.0.0.0 15.255.255.255
> >
> >HTH
> >cscoitit
> >
> >
> >---------------------------------
> >Find your next car at Yahoo! Canada Autos
> >
> >_______________________________________________________________________
> >Subscription information may be found at:
> >http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
> B.ENG,MCSE,CCNP,CCSP,CCIE#14645
> (416)431 9929
> MANI_CCIE@YAHOO.COM
>
> ---------------------------------
> Yahoo! for Good
> Click here to donate to the Hurricane Katrina relief effort.
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Christopher M. Heffner: "RE: DLSW Switch redundancy ?"
• Previous message: mani poopal: "Re: ISDN traffic acl definition"
• Maybe in reply to: cscoitit cscoitit: "ISDN traffic acl definition"
• Next in thread: Javier Tomé: "Re: ISDN traffic acl definition"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Nov 06 2005 - 22:00:49 GMT-3