CBAC router-traffic option

From: Ian Blaney (ian.blaney@gmail.com)
Date: Sat Jan 20 2007 - 10:48:10 ART

• Next message: Alexei Monastyrnyi: "Re: OT: MEM-C6K-ATA-1-64M="
• Previous message: Ian Blaney: "dot1x port-control"
• Next in thread: Vincent Mashburn: "RE: CBAC router-traffic option"
• Maybe reply: Vincent Mashburn: "RE: CBAC router-traffic option"
• Maybe reply: Ian Blaney: "Re: CBAC router-traffic option"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi

What is the purpose of the router-traffic option in CBACs ip inspect name
command? From the documentation

(Optional) Enables inspection of traffic destined to or originated
from a router. Applicable only for H.323, TCP, and UDP protocols.
For the command format, see the Note after Table 26.

Note The TCP, UDP, and H.323 protocols support the router-traffic keyword,
which enables
inspection of traffic destined to or originated from a router. The command
format is as follows:
ip inspect name inspection-name {TCP | UDP | H323} [alert {on | off}]
[audit-trail {on |
off}][router-traffic][timeout seconds]

If I understand correctly, it would not be necessary to config a filter, for
example, return telnet traffic from a telnet session directly from the
router as this would be done automatically by CBAC. What about routing
protocol traffic eg OSPF and EIGRP?

Thanks
Ian

• Next message: Alexei Monastyrnyi: "Re: OT: MEM-C6K-ATA-1-64M="
• Previous message: Ian Blaney: "dot1x port-control"
• Next in thread: Vincent Mashburn: "RE: CBAC router-traffic option"
• Maybe reply: Vincent Mashburn: "RE: CBAC router-traffic option"
• Maybe reply: Ian Blaney: "Re: CBAC router-traffic option"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Feb 08 2007 - 23:46:57 ART