Re: Source routed packet

From: Narbik Kocharians (narbikk@gmail.com)
Date: Sun Jun 17 2007 - 14:49:11 ART

• Next message: Muhammad Nasim: "Re: quick private vlan question"
• Previous message: Ben: "Re: Source routed packet"
• Maybe in reply to: nagendra kumar: "Source routed packet"
• Next in thread: Ben: "Re: Source routed packet"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123t/123t_4/gtipofil.pdf

On 6/17/07, Ben <bmunyao@gmail.com> wrote:
>
> Nagendra, Scott
>
> Could you point me to the relevant Cisco documentation describing the
> ssr/lsr ACL options below? I couldn't find these options in the 12.4command
> reference, config guide.
>
> > ip access-list extended SECURITY
> > deny ip any any option ssr
> > deny ip any any option lsr
>
> Thanks
>
> Ben
>
>
>
> On 6/8/07 3:47 PM, "Scott Morris" <smorris@ipexpert.com> wrote:
>
> > Well, for starters, without a permit, your ACL will actually kill
> > everything, not just the source-route stuff. :)
> >
> > But otherwise, in the way you have it laid out (both SR options), the
> two
> > would be identical. The "no ip source-route" command will kill ALL
> source
> > routing. But if you wanted to be more granular and allow one type but
> not
> > the other, the ACL approach would be the way to go, only denying one of
> > those.
> >
> > HTH,
> >
> >
> > Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713,
> JNCIE
> > #153, CISSP, et al.
> > CCSI/JNCI-M/JNCI-J
> > VP - Technical Training - IPexpert, Inc.
> > IPexpert Sr. Technical Instructor
> >
> > A Cisco Learning Partner - We Accept Learning Credits!
> >
> > smorris@ipexpert.com
> >
> > Telephone: +1.810.326.1444
> > Fax: +1.810.454.0130
> > http://www.ipexpert.com
> >
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> > nagendra kumar
> > Sent: Friday, June 08, 2007 8:14 AM
> > To: ccielab@groupstudy.com
> > Subject: Source routed packet
> >
> > Hi All,
> >
> > To drop source routed packet, Is there any difference
> between configuring
> > "no ip source-route" command and using access-list as below,
> >
> > ip access-list extended SECURITY
> > deny ip any any option ssr
> > deny ip any any option lsr
> >
> > Regards,
> > Nagendra
> >
> >
> >
> > ---------------------------------
> > Luggage? GPS? Comic books?
> > Check out fitting gifts for grads at Yahoo! Search.
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>

-- 
Narbik Kocharians
CCIE# 12410 (R&S, SP, Security)
CCSI# 30832

• Next message: Muhammad Nasim: "Re: quick private vlan question"
• Previous message: Ben: "Re: Source routed packet"
• Maybe in reply to: nagendra kumar: "Source routed packet"
• Next in thread: Ben: "Re: Source routed packet"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Jul 01 2007 - 17:24:49 ART