Re: Source routed packet

From: Ben (bmunyao@gmail.com)
Date: Sun Jun 17 2007 - 14:22:33 ART

• Next message: Narbik Kocharians: "Re: Source routed packet"
• Previous message: Danshtr: "Re: Burssels LAB spoiled choice!!!"
• Maybe in reply to: nagendra kumar: "Source routed packet"
• Next in thread: Narbik Kocharians: "Re: Source routed packet"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Nagendra, Scott

Could you point me to the relevant Cisco documentation describing the
ssr/lsr ACL options below? I couldn't find these options in the 12.4 command
reference, config guide.

> ip access-list extended SECURITY
> deny ip any any option ssr
> deny ip any any option lsr

Thanks

Ben

On 6/8/07 3:47 PM, "Scott Morris" <smorris@ipexpert.com> wrote:

> Well, for starters, without a permit, your ACL will actually kill
> everything, not just the source-route stuff. :)
>
> But otherwise, in the way you have it laid out (both SR options), the two
> would be identical. The "no ip source-route" command will kill ALL source
> routing. But if you wanted to be more granular and allow one type but not
> the other, the ACL approach would be the way to go, only denying one of
> those.
>
> HTH,
>
>
> Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713, JNCIE
> #153, CISSP, et al.
> CCSI/JNCI-M/JNCI-J
> VP - Technical Training - IPexpert, Inc.
> IPexpert Sr. Technical Instructor
>
> A Cisco Learning Partner - We Accept Learning Credits!
>
> smorris@ipexpert.com
>
> Telephone: +1.810.326.1444
> Fax: +1.810.454.0130
> http://www.ipexpert.com
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> nagendra kumar
> Sent: Friday, June 08, 2007 8:14 AM
> To: ccielab@groupstudy.com
> Subject: Source routed packet
>
> Hi All,
>
> To drop source routed packet, Is there any difference between configuring
> "no ip source-route" command and using access-list as below,
>
> ip access-list extended SECURITY
> deny ip any any option ssr
> deny ip any any option lsr
>
> Regards,
> Nagendra
>
>
>
> ---------------------------------
> Luggage? GPS? Comic books?
> Check out fitting gifts for grads at Yahoo! Search.
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Narbik Kocharians: "Re: Source routed packet"
• Previous message: Danshtr: "Re: Burssels LAB spoiled choice!!!"
• Maybe in reply to: nagendra kumar: "Source routed packet"
• Next in thread: Narbik Kocharians: "Re: Source routed packet"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Jul 01 2007 - 17:24:49 ART