Re: Q: Vlans Maps

From: Jai Prakash (jpjsr06@gmail.com)
Date: Sat May 27 2006 - 02:49:48 ART


Hi,

  Please check your ACCESS-LIST statement, which is mapping only a single
network, i.e. 28.119.16.0/24.

Extended IP access list ACES-TASK
   10 permit icmp 28.119.16.0 0.0.0.255 204.12.1.0 0.0.0.255 echo

If you want to see the same result from the 28.119.17.0/24 network, you have to
change the subnet mask to 0.0.1.255.

Correct me if I'm wrong.

Best Regards,
Jai

On 5/27/06, Victor Cappuccio <cvictor@protokolgroup.com> wrote:
>
> Hello Guys,
>
> Playing with Vlans Maps and with this problem:
>
> Router 2 / 6 / BB3 are in the same vlan and the requirement is to do a Vlan
> Map to filter ICMP Echos from a determined Source Address
>
> So I found this:
>
> BB3#ping 204.12.1.2 source 28.119.16.1
>
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 204.12.1.2, timeout is 2 seconds:
> Packet sent with a source address of 28.119.16.1
> .....
> Success rate is 0 percent (0/5)
>
> !!! Ok Seems that the ACE is doing the Work :)
>
> !!! But
> BB3#ping 204.12.1.255 source 28.119.17.1
>
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 204.12.1.255, timeout is 2 seconds:
> Packet sent with a source address of 28.119.17.1
>
> Reply to request 0 from 204.12.1.6, 16 ms
> Reply to request 0 from 204.12.1.2, 20 ms
>
> !!! These 2 Routers are in the same vlan that the router is attached to
>
> !!!! Or if you ping at the Network Address:
>
> BB3#ping 204.12.1.0 source 28.119.17.1
>
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 204.12.1.0, timeout is 2 seconds:
> Packet sent with a source address of 28.119.17.1
>
> Reply to request 0 from 204.12.1.6, 4 ms
> Reply to request 0 from 204.12.1.2, 4 ms
>
>
> With this configuration
>
> Rack1Sw1#show vlan filter
> VLAN Map TEST is filtering VLANs:
> 263
> Rack1Sw1#
> Rack1Sw1#show vlan access TEST
> Vlan access-map "TEST" 10
> Match clauses:
> ip address: ACES-TASK
> Action:
> drop
> Vlan access-map "TEST" 20
> Match clauses:
> Action:
> forward
> Rack1Sw1#
> Rack1Sw1#show access-list
> Extended IP access list ACES-TASK
> 10 permit icmp 28.119.16.0 0.0.0.255 204.12.1.0 0.0.0.255 echo
> Rack1Sw1#
>
>
> Please could anyone tell me WHY the echo sent to the network or to the
> broadcast address are getting an echo-reply, and if you ping to the
> interfaces Addresses (or any host address) they are access-controlled by
> the Vlan Filter?
>
> Thanks
> Victor.
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
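
The wildcard-mask comparison discussed in this thread, as an added example that is not part of the original messages: it evaluates the three pings from the post against ACES-TASK as posted and against the 0.0.1.255 source mask suggested in the reply, using the two-sequence logic of VLAN map TEST. The function names are hypothetical, and every packet is assumed to be an ICMP echo, so only the address fields are compared.

```python
import ipaddress

def _int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(addr, base, wildcard):
    """IOS wildcard mask: 0 bits must match, 1 bits are ignored."""
    care = ~_int(wildcard) & 0xFFFFFFFF
    return (_int(addr) & care) == (_int(base) & care)

def ace_matches(ace, src, dst):
    src_base, src_wc, dst_base, dst_wc = ace
    return (wildcard_match(src, src_base, src_wc)
            and wildcard_match(dst, dst_base, dst_wc))

def vlan_map_action(acl, src, dst):
    # Sequence 10: a packet permitted by the ACL matches and is dropped.
    # Sequence 20: no match clause, so everything else is forwarded.
    return "drop" if any(ace_matches(a, src, dst) for a in acl) else "forward"

# ACE exactly as shown in "show access-list" on the page.
ACES_TASK = [("28.119.16.0", "0.0.0.255", "204.12.1.0", "0.0.0.255")]
# Same ACE with the source mask proposed in the reply.
WIDENED = [("28.119.16.0", "0.0.1.255", "204.12.1.0", "0.0.0.255")]

# (source, destination) pairs of the three pings in the original post.
PINGS = [
    ("28.119.16.1", "204.12.1.2"),
    ("28.119.17.1", "204.12.1.255"),
    ("28.119.17.1", "204.12.1.0"),
]

def evaluate(acl):
    return [vlan_map_action(acl, s, d) for s, d in PINGS]

if __name__ == "__main__":
    for name, acl in (("ACES-TASK", ACES_TASK), ("widened", WIDENED)):
        for (s, d), action in zip(PINGS, evaluate(acl)):
            print(f"{name:9} {s:12} -> {d:13} {action}")
```

With the posted ACE, the destination field matches 204.12.1.0 and 204.12.1.255 in both forwarded cases; the source field 28.119.17.1 is the one that fails the comparison.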



This archive was generated by hypermail 2.1.4 : Thu Jun 01 2006 - 06:33:22 ART