From: Victor Cappuccio (cvictor@protokolgroup.com)
Date: Sat May 27 2006 - 03:02:53 ART
Petr, I do not get it.
I know that when I ping I generate an ICMP Echo, and when the receiver gets
the ICMP Echo it generates an ICMP Echo Reply.
Please correct me if I'm wrong.
But the pings shown are telling me the same:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 204.12.1.0, timeout is 2 seconds:
Packet sent with a source address of 28.119.16.1
Reply to request 0 from 204.12.1.6, 4 ms
Reply to request 0 from 204.12.1.2, 4 ms
Thanks
Victor.
_____
From: Petr Lapukhov [mailto:petrsoft@gmail.com]
Sent: Saturday, May 27, 2006 01:49 a.m.
To: Victor Cappuccio
CC: GroupStudy CCIE
Subject: Re: Q: Vlans Maps
Victor,
Giving a quick look, it seems that you confuse "echo" and "echo-reply" -
they are separate icmp packet types
HTH
Petr
2006/5/27, Victor Cappuccio <cvictor@protokolgroup.com>:
Hello Guys,
Playing with Vlans Maps and with this problem:
Router 2 / 6 / BB3 are in the same vlan and the requirement is to do a Vlan
Map to filter ICMP Echos from a determined Source Address
So I found this:
BB3#ping 204.12.1.2 source 28.119.16.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 204.12.1.2, timeout is 2 seconds:
Packet sent with a source address of 28.119.16.1
.....
Success rate is 0 percent (0/5)
!!! Ok Seems that the ACE is doing the Work :)
!!! But
BB3#ping 204.12.1.255 source 28.119.17.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 204.12.1.255, timeout is 2 seconds:
Packet sent with a source address of 28.119.17.1
Reply to request 0 from 204.12.1.6, 16 ms
Reply to request 0 from 204.12.1.2, 20 ms
!!! These 2 Routers are in the same vlan that the router is attached to
!!!! Or if you ping at the Network Address:
BB3#ping 204.12.1.0 source 28.119.17.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 204.12.1.0, timeout is 2 seconds:
Packet sent with a source address of 28.119.17.1
Reply to request 0 from 204.12.1.6, 4 ms
Reply to request 0 from 204.12.1.2, 4 ms
With this configuration
Rack1Sw1#show vlan filter
VLAN Map TEST is filtering VLANs:
  263
Rack1Sw1#
Rack1Sw1#show vlan access TEST
Vlan access-map "TEST" 10
  Match clauses:
    ip address: ACES-TASK
  Action:
    drop
Vlan access-map "TEST" 20
  Match clauses:
  Action:
    forward
Rack1Sw1#
Rack1Sw1#show access-list
Extended IP access list ACES-TASK
    10 permit icmp 28.119.16.0 0.0.0.255 204.12.1.0 0.0.0.255 echo
Rack1Sw1#
Please could anyone tell me WHY the echo sent to the network or to the
broadcast address are getting an echo-reply, and if you ping to the
interfaces Addresses (or any host address) they are access-controlled by the
Vlan Filter?
Thanks
Victor.
This archive was generated by hypermail 2.1.4 : Thu Jun 01 2006 - 06:33:22 ART
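
Added example, not part of the original thread: a small Python model of the VLAN map TEST and the ACES-TASK entry shown above, evaluated against the source, destination and ICMP type of the pings in the thread. It matches on the addresses as typed at the ping prompt; the last two packets are constructed, and the 255.255.255.255 row is a hypothetical included only to show what the entry would do if the on-wire destination differed from the typed one, which the page does not show.

```python
import ipaddress

ICMP_ECHO, ICMP_ECHO_REPLY = 8, 0  # ICMP type numbers

def wildcard_match(addr, base, wildcard):
    """Cisco-style match: bits set in the wildcard mask are 'don't care'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

# Entry copied from the page's "show access-list" output:
#   10 permit icmp 28.119.16.0 0.0.0.255 204.12.1.0 0.0.0.255 echo
ACE = {"src": ("28.119.16.0", "0.0.0.255"),
       "dst": ("204.12.1.0", "0.0.0.255"),
       "icmp_type": ICMP_ECHO}

def ace_matches(src, dst, icmp_type, ace=ACE):
    """True only when source, destination and ICMP type all match the entry."""
    return (icmp_type == ace["icmp_type"]
            and wildcard_match(src, *ace["src"])
            and wildcard_match(dst, *ace["dst"]))

def vlan_map_action(src, dst, icmp_type):
    """Sequence 10 drops what the ACL permits; sequence 20 forwards the rest."""
    return "drop" if ace_matches(src, dst, icmp_type) else "forward"

PACKETS = [
    # Addresses as typed in the thread's pings
    ("28.119.16.1", "204.12.1.2", ICMP_ECHO),
    ("28.119.17.1", "204.12.1.255", ICMP_ECHO),
    ("28.119.17.1", "204.12.1.0", ICMP_ECHO),
    ("28.119.16.1", "204.12.1.0", ICMP_ECHO),
    # Constructed: a reply travelling back to the pinging source
    ("204.12.1.2", "28.119.16.1", ICMP_ECHO_REPLY),
    # Constructed, hypothetical: same echo with a limited-broadcast destination
    ("28.119.16.1", "255.255.255.255", ICMP_ECHO),
]

def evaluate(packets=PACKETS):
    """Return (src, dst, icmp_type, action) for each packet."""
    return [(s, d, t, vlan_map_action(s, d, t)) for s, d, t in packets]

if __name__ == "__main__":
    for s, d, t, action in evaluate():
        print(f"{s:>12} -> {d:<16} type {t}: {action}")
```

Two of the pings in the thread use source 28.119.17.1, which falls outside 28.119.16.0 0.0.0.255, so the entry does not match them whatever the destination is.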