Re: ISDN traffic acl definition

From: Javier Tomé (fjtm@tid.es)
Date: Thu Oct 06 2005 - 01:36:15 GMT-3

• Next message: JP: "networkers 2005"
• Previous message: Niche: "Re: OSPF routing loop"
• Maybe in reply to: cscoitit cscoitit: "ISDN traffic acl definition"
• Next in thread: Venkataramanaiah.R: "Re: ISDN traffic acl definition"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi Mani,

For almost any routing protocol (but ISIS I guess) you can establish
neighbor relationships using only unicast. Anyway I have realized that I
misunderstood the requirements. My approach was made considering

1.- Only ICMP traffic allowed to bring the link up.
2.- Broadcast and multicast traffic not allowed on the link.

My fault, sorry.

Regards

Javi Tomi

mani poopal wrote:

>Hi Javier,
>
>If you only allow ICMP all other will be denied including multicast and braodcast(I don't think you have to deny broadcast keyword from dialer map). Once again if you stop multicast and if the ISDN is runoning a routing protocol(EIGRP, OSPF) how there will be neighbor relation ship(unless you run dialer watch)
>
>Mani
>
>Javier Tomi <fjtm@tid.es> wrote:
>Your solution seems to me correct. Other approach could be to allow only
>ICMP packets on the ACL and suppress the broadcast keyword on the
>'dialer map' statement (only if the solution is based on legacy ISDN).
>Anyway this should be worse as the ISDN line will bring up if ICMP
>broadcast or multicast traffic is initiated from your router to the
>other side.
>
>Any thoughts?
>
>Javi
>
>cscoitit cscoitit wrote:
>
>
>
>>Hi,
>>
>>I am doing a workbook question and it asks to allow icmp and deny broadcast and multicast. what is the correct solution.
>>I like to confirm whether these accomplishes the task.
>>
>>acl 101 permit icmp any any
>>acl 101 deny ip any host 255.255.255.255
>>acl 101 deny ip any 224.0.0.0 15.255.255.255
>>
>>HTH
>>cscoitit
>>
>>
>>---------------------------------
>>Find your next car at Yahoo! Canada Autos
>>
>>_______________________________________________________________________
>>Subscription information may be found at:
>>http://www.groupstudy.com/list/CCIELab.html
>>
>>
>
>_______________________________________________________________________
>Subscription information may be found at:
>http://www.groupstudy.com/list/CCIELab.html
>
>
>B.ENG,MCSE,CCNP,CCSP,CCIE#14645
>(416)431 9929
>MANI_CCIE@YAHOO.COM
>
>---------------------------------
>Yahoo! for Good
> Click here to donate to the Hurricane Katrina relief effort.
>
>_______________________________________________________________________
>Subscription information may be found at:
>http://www.groupstudy.com/list/CCIELab.html

• Next message: JP: "networkers 2005"
• Previous message: Niche: "Re: OSPF routing loop"
• Maybe in reply to: cscoitit cscoitit: "ISDN traffic acl definition"
• Next in thread: Venkataramanaiah.R: "Re: ISDN traffic acl definition"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Nov 06 2005 - 22:00:49 GMT-3