From: Scott Morris (smorris@ipexpert.com)
Date: Fri Jun 08 2007 - 09:47:22 ART
Well, for starters, without a permit, your ACL will actually kill
everything, not just the source-route stuff. :)
But otherwise, in the way you have it laid out (both SR options), the two
would be identical. The "no ip source-route" command will kill ALL source
routing. But if you wanted to be more granular and allow one type but not
the other, the ACL approach would be the way to go, only denying one of
those.
HTH,
Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713, JNCIE
#153, CISSP, et al.
CCSI/JNCI-M/JNCI-J
VP - Technical Training - IPexpert, Inc.
IPexpert Sr. Technical Instructor
A Cisco Learning Partner - We Accept Learning Credits!
smorris@ipexpert.com
Telephone: +1.810.326.1444
Fax: +1.810.454.0130
http://www.ipexpert.com
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
nagendra kumar
Sent: Friday, June 08, 2007 8:14 AM
To: ccielab@groupstudy.com
Subject: Source routed packet
Hi All,
To drop source routed packet, Is there any difference between configuring
"no ip source-route" command and using access-list as below,
ip access-list extended SECURITY
deny ip any any option ssr
deny ip any any option lsr
Regards,
Nagendra
---------------------------------
Luggage? GPS? Comic books?
Check out fitting gifts for grads at Yahoo! Search.
This archive was generated by hypermail 2.1.4 : Sun Jul 01 2007 - 17:24:47 ART