Re: Q: Vlans Maps

From: Petr Lapukhov (petrsoft@gmail.com)
Date: Sat May 27 2006 - 03:16:38 ART


Victor,

Could you please provide some topology information?

I'm especially wondering how those 28. and 204. networks
are assigned to the Ethernets of the mentioned routers, and
how you send these directed broadcasts.

Petr

2006/5/27, Victor Cappuccio <cvictor@protokolgroup.com>:
>
> Petr, I do not get it.
>
> I know that when I ping I generate an ICMP Echo, and when the receiver gets
> the ICMP Echo it generates an ICMP Echo Reply
>
> Please correct me if I'm wrong..
>
>
>
> But the pings shown are telling me the same
>
>
>
> Type escape sequence to abort.
>
> Sending 5, 100-byte ICMP Echos to 204.12.1.0, timeout is 2 seconds:
>
> Packet sent with a source address of 28.119.16.1
>
>
>
> Reply to request 0 from 204.12.1.6, 4 ms
>
> Reply to request 0 from 204.12.1.2, 4 ms
>
>
>
> Thanks
>
> Victor.
>
>
>
>
>
>
> ------------------------------
>
> *From:* Petr Lapukhov [mailto:petrsoft@gmail.com]
> *Sent:* Saturday, May 27, 2006 01:49 a.m.
> *To:* Victor Cappuccio
> *CC:* GroupStudy CCIE
> *Subject:* Re: Q: Vlans Maps
>
>
>
> Victor,
>
> Giving a quick look, it seems that you confuse "echo" and "echo-reply" -
> they are separate icmp packet types
>
> HTH
> Petr
>
> 2006/5/27, Victor Cappuccio <cvictor@protokolgroup.com>:
>
> Hello Guys,
>
> Playing with Vlans Maps and with this problem:
>
> Router 2 / 6 / BB3 are in the same vlan and the requirement is to do a Vlan
> Map to filter ICMP Echos from a determined Source Address
>
> So I found this:
>
> BB3#ping 204.12.1.2 source 28.119.16.1
>
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 204.12.1.2 , timeout is 2 seconds:
> Packet sent with a source address of 28.119.16.1
> .....
> Success rate is 0 percent (0/5)
>
> !!! Ok Seems that the ACE is doing the Work :)
>
> !!! But
> BB3#ping 204.12.1.255 source 28.119.17.1
>
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 204.12.1.255 , timeout is 2 seconds:
> Packet sent with a source address of 28.119.17.1
>
> Reply to request 0 from 204.12.1.6, 16 ms
> Reply to request 0 from 204.12.1.2, 20 ms
>
> !!! These 2 routers are in the same vlan that the router is attached to
>
> !!!! Or if you ping at the Network Address:
>
> BB3#ping 204.12.1.0 source 28.119.17.1
>
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 204.12.1.0, timeout is 2 seconds:
> Packet sent with a source address of 28.119.17.1
>
> Reply to request 0 from 204.12.1.6, 4 ms
> Reply to request 0 from 204.12.1.2, 4 ms
>
>
> With this configuration
>
> Rack1Sw1#show vlan filter
> VLAN Map TEST is filtering VLANs:
> 263
> Rack1Sw1#
> Rack1Sw1#show vlan access TEST
> Vlan access-map "TEST" 10
>   Match clauses:
>     ip address: ACES-TASK
>   Action:
>     drop
> Vlan access-map "TEST" 20
>   Match clauses:
>   Action:
>     forward
> Rack1Sw1#
> Rack1Sw1#show access-list
> Extended IP access list ACES-TASK
>     10 permit icmp 28.119.16.0 0.0.0.255 204.12.1.0 0.0.0.255 echo
> Rack1Sw1#
>
>
> Please could anyone tell me WHY the echo sent to the network or to the
> broadcast address are getting an echo-reply, and if you ping to the
> interfaces Addresses (or any host address) they are access-controlled by
> the Vlan Filter?
>
> Thanks
> Victor.
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
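
An added example, not part of the original thread or of any poster's configuration: a small Python model of the ACES-TASK entry and the TEST VLAN map, run over the source/destination pairs that appear in the ping output quoted above. It models only header matching as the ACE is written; the function names are hypothetical, and it assumes the echo carries exactly the destination address typed on the ping command line.

```python
import ipaddress

ICMP_ECHO, ICMP_ECHO_REPLY = 8, 0  # ICMP type numbers

def wildcard_match(addr, base, wildcard):
    """Cisco-style wildcard match: bits set in the wildcard are 'don't care'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

# The single ACE shown in the post:
#   permit icmp 28.119.16.0 0.0.0.255 204.12.1.0 0.0.0.255 echo
ACES_TASK = [("28.119.16.0", "0.0.0.255", "204.12.1.0", "0.0.0.255", ICMP_ECHO)]

def acl_matches(src, dst, icmp_type, acl=ACES_TASK):
    """True if any ACE matches source, destination and ICMP type together."""
    return any(
        wildcard_match(src, s, sw) and wildcard_match(dst, d, dw) and icmp_type == t
        for s, sw, d, dw, t in acl
    )

def vlan_map_test(src, dst, icmp_type):
    """VLAN map TEST: sequence 10 drops ACES-TASK matches, sequence 20 forwards the rest."""
    return "drop" if acl_matches(src, dst, icmp_type) else "forward"

# Constructed from the ping lines in the thread (assumed on-wire headers).
PACKETS = [
    ("28.119.16.1", "204.12.1.2", ICMP_ECHO),        # unicast ping, 0/5 success
    ("28.119.17.1", "204.12.1.255", ICMP_ECHO),      # broadcast address, replies seen
    ("28.119.17.1", "204.12.1.0", ICMP_ECHO),        # network address, replies seen
    ("28.119.16.1", "204.12.1.0", ICMP_ECHO),        # network address, replies seen
    ("204.12.1.2", "28.119.16.1", ICMP_ECHO_REPLY),  # a reply is a different ICMP type
]

def evaluate(packets=PACKETS):
    """Return the VLAN map verdict for each packet, in order."""
    return [vlan_map_test(*p) for p in packets]

if __name__ == "__main__":
    for pkt, verdict in zip(PACKETS, evaluate()):
        print(pkt, "->", verdict)
```

Source 28.119.17.1 falls outside 28.119.16.0 0.0.0.255, so those echoes are forwarded by sequence 20 whatever the destination is. Where the model says drop but replies were observed (28.119.16.1 to 204.12.1.0), either the frame on the wire does not carry the headers assumed here or it does not cross the filtered VLAN, so capture it before changing the ACL.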



This archive was generated by hypermail 2.1.4 : Thu Jun 01 2006 - 06:33:22 ART