Re: Packet fragmentation question...

From: Faryar Zabihi \(fzabihi\) (fzabihi@cisco.com)
Date: Thu Jul 06 2006 - 19:34:48 ART

• Next message: Sami: "Re: RIP triggered"
• Previous message: Tony Paterra: "Re: Packet fragmentation question..."
• Maybe in reply to: Tony Paterra: "Packet fragmentation question..."
• Next in thread: Petr Lapukhov: "Re: Packet fragmentation question..."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This is actually a proctor question to see if ALL packets fragmented need to
be dropped or just nonreturn traffic

 -----Original Message-----
From: Tony Paterra [mailto:apaterra@gmail.com]
Sent: Thursday, July 06, 2006 06:29 PM Eastern Standard Time
To: Faryar Zabihi (fzabihi)
Cc: Cisco certification
Subject: Re: Packet fragmentation question...

I'm sorry can you elaborate on this?

On 7/6/06, Faryar Zabihi (fzabihi) <fzabihi@cisco.com> wrote:
> access-list 100 permit tcp any any(or web server add) eq www established
>
> Don't forget this at the beginning, for return traffic.
> Also you need 2 lines in ACL to get non-initial and initial
> http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124tcr/t
> iap_r/apl_a1ht.htm#wp1148147
>
>
> Faryar
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Tony Paterra
> Sent: Thursday, July 06, 2006 4:08 PM
> To: Cisco certification
> Subject: Packet fragmentation question...
>
> All, a question on packet fragmentation... How can I deny all
> fragmented packets on an interface? My first reaction was to build an
> access list along the lines of the following...
>
> access-list 100 deny ip any any fragments access-list 100 permit ip any
> any
>
> But then when I thought about it some more... I realized that this
> would still allow initial fragments through (and then catch everything
> after it with a non-zero offset). I know how to deny non-initial
> fragments (above), but I'm not sure how to handle initial fragmented
> packets. Pardon the somewhat simple question, but what defines a
> "fragmented" packet? Is it just a packet that has a non-zero offset in
> it's L3 header (i.e. inial fragments with a zero-offset are not
> considered "fragmented")?
>
> Adios,
> --
> Tony Paterra
> apaterra@gmail.com
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>

--
Tony Paterra
apaterra@gmail.com

• Next message: Sami: "Re: RIP triggered"
• Previous message: Tony Paterra: "Re: Packet fragmentation question..."
• Maybe in reply to: Tony Paterra: "Packet fragmentation question..."
• Next in thread: Petr Lapukhov: "Re: Packet fragmentation question..."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue Aug 01 2006 - 07:13:46 ART