Re: Q. Initial fragments

From: sabrina pittarel (sabri_esame@yahoo.com)
Date: Tue Sep 05 2006 - 18:32:45 ART

• Next message: Paul Dardinski: "RE: Q. Initial fragments"
• Previous message: sabrina pittarel: "Re: Q. Initial fragments"
• Maybe in reply to: sabrina pittarel: "Q. Initial fragments"
• Next in thread: Paul Dardinski: "RE: Q. Initial fragments"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Small correction in my previous sentence:
 
 "But from the feeling of it looks like the router will try to get all fragments before forwarding them.
  So if I put an ingress ACL that drops all *NON INITIAL* "ingress" fragments and I enable virtual reassembly, then even if the initial fragment will make it through the the ACL it will be dropped after a while because the whole packet could not virtually reassembled"
   
 Sabrina
 
----- Original Message ----
From: sabrina pittarel <sabri_esame@yahoo.com>
To: Tony Paterra <apaterra@gmail.com>
Cc: ccielab@groupstudy.com; jeffryanwn@hotmail.com; Pierre-Alex <paguanel@hotmail.com>; Victor Cappuccio <cvictor@protokolgroup.com>; Chris Broadway <midatlanticnet@gmail.com>
Sent: Tuesday, September 5, 2006 2:21:13 PM
Subject: Re: Q. Initial fragments

Sound promising.
 I'll read it in detail this evening.
 
 But from the feeling of it looks like the router will try to get all fragments before forwarding them.
 So if I put an ingress ACL that drops all "ingress" fragments and I enable virtual reassembly, then even if the initial fragment will make it through the the ACL it will be dropped after a while because the whole packet could not virtually reassembled.
  
 Sabrina

----- Original Message ----
From: Tony Paterra <apaterra@gmail.com>
To: sabrina pittarel <sabri_esame@yahoo.com>
Cc: ccielab@groupstudy.com
Sent: Tuesday, September 5, 2006 12:41:42 PM
Subject: Re: Q. Initial fragments

Sabrina,
Check out the virtual-reassembly feature... It's enabled under an interface as:
'ip virtual-reassembly'

http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123t/123t_8/gt_vfrag.htm

On 9/5/06, sabrina pittarel <sabri_esame@yahoo.com> wrote:
> Hi,
> we all know that an ACL can block non initial fragments, but is there a way to configure your router to block initial fragments as well?
>
> Sabrina
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>

-- 
Tony Paterra
apaterra@gmail.com

• Next message: Paul Dardinski: "RE: Q. Initial fragments"
• Previous message: sabrina pittarel: "Re: Q. Initial fragments"
• Maybe in reply to: sabrina pittarel: "Q. Initial fragments"
• Next in thread: Paul Dardinski: "RE: Q. Initial fragments"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Oct 01 2006 - 16:55:39 ART