RE: Q: Vlans Maps

From: Victor Cappuccio (cvictor@protokolgroup.com)
Date: Sat May 27 2006 - 02:46:53 ART

Sorry the corrects ping are

BB3#ping 204.12.1.0 source 28.119.16.1 !!NOT 17

                                                                         
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 204.12.1.0, timeout is 2 seconds:
Packet sent with a source address of 28.119.16.1
                                                                         
Reply to request 0 from 204.12.1.6, 4 ms
Reply to request 0 from 204.12.1.2, 4 ms

                               
BB3#ping 204.12.1.255 source 28.119.16.1
                                                                         
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 204.12.1.255, timeout is 2 seconds:
Packet sent with a source address of 28.119.16.1
                                                                         
Reply to request 0 from 204.12.1.6, 4 ms
Reply to request 0 from 204.12.1.2, 8 ms

Anyways seems not to be working for me

Thanks again and sorry for the SPAM

Victor.-

-----Mensaje original-----
De: Victor Cappuccio [mailto:cvictor@protokolgroup.com]
Enviado el: Sabado, 27 de Mayo de 2006 12:23 a.m.
Para: 'GroupStudy CCIE'
Asunto: Q: Vlans Maps

Hello Guys,

Playing with Vlans Maps and with this problem:

Router 2 / 6 / BB3 are in the same vlan and the requirement is to do a Vlan
Map to filter ICMP Echos from a determined Source Address

So I found this:

BB3#ping 204.12.1.2 source 28.119.16.1
                                                                      
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 204.12.1.2, timeout is 2 seconds:
Packet sent with a source address of 28.119.16.1
.....
Success rate is 0 percent (0/5)

!!! Ok Seems that the ACE is doing the Work :)

!!! But
BB3#ping 204.12.1.255 source 28.119.17.1
                         
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 204.12.1.255, timeout is 2 seconds:
Packet sent with a source address of 28.119.17.1
                                                                      
Reply to request 0 from 204.12.1.6, 16 ms
Reply to request 0 from 204.12.1.2, 20 ms

!!! This 2 Routers are in the same vlan that the router is attached to

!!!! Or if you ping at the Network Address:

BB3#ping 204.12.1.0 source 28.119.17.1
                                                                      
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 204.12.1.0, timeout is 2 seconds:
Packet sent with a source address of 28.119.17.1
                                                                      
Reply to request 0 from 204.12.1.6, 4 ms
Reply to request 0 from 204.12.1.2, 4 ms

With this configuration

Rack1Sw1#show vlan filter
VLAN Map TEST is filtering VLANs:
  263
Rack1Sw1#
Rack1Sw1#show vlan access TEST
Vlan access-map "TEST" 10
  Match clauses:
    ip address: ACES-TASK
  Action:
    drop
Vlan access-map "TEST" 20
  Match clauses:
  Action:
    forward
Rack1Sw1#
Rack1Sw1#show access-list
Extended IP access list ACES-TASK
    10 permit icmp 28.119.16.0 0.0.0.255 204.12.1.0 0.0.0.255 echo
Rack1Sw1#

Please could anyone tell me WHY the echo sent to the network or to the
broadcast address are getting an echo-rely, and if you ping to the
interfaces Addresses (or any host address) they are access-controlled by the
Vlan Filter?

Thanks
Victor.

This archive was generated by hypermail 2.1.4 : Thu Jun 01 2006 - 06:33:22 ART