From: nenad pudar (nenad.pudar@gmail.com)
Date: Sun Dec 04 2005 - 16:20:39 GMT-3
Hi guys
I need a little bit of help about ACLs and fragments.
I understand how non-initial fragments pass the configured ACLs and how it
possibly breaks policy routing etc.
However, in a few Cisco documents (quite unclear) I found that beginning with
version 12.0 (or 1), with new ACL code, the non-initial fragments will be able
to pass an ACL only if the specific TCP port they are using is allowed
somewhere in the ACL, otherwise they are dropped.
Is this the case, and if yes, then we do not need to worry about fragments any
more?
thanks
nenad