From: Ben (bmunyao@gmail.com)
Date: Sun Jun 17 2007 - 15:31:40 ART
Thanks Narbik
Looks like I should be using the 12.4T train instead of 12.4 when referring
to the DocCD. Is the 3T2 train a superset of the other? Which one does Cisco
provide in the Lab exam?
Ben
On 6/17/07 8:49 PM, "Narbik Kocharians" <narbikk@gmail.com> wrote:
>
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123t
/
> 123t_4/gtipofil.pdf
>
> On 6/17/07, Ben <bmunyao@gmail.com> wrote:
>> Nagendra, Scott
>>
>> Could you point me to the relevant Cisco documentation describing the
>> ssr/lsr ACL options below? I couldn't find these options in the 12.4
command
>> reference, config guide.
>>
>>> > ip access-list extended SECURITY
>>> > deny ip any any option ssr
>>> > deny ip any any option lsr
>>
>> Thanks
>>
>> Ben
>>
>>
>>
>> On 6/8/07 3:47 PM, "Scott Morris" < smorris@ipexpert.com> wrote:
>>
>>> > Well, for starters, without a permit, your ACL will actually kill
>>> > everything, not just the source-route stuff. :)
>>> >
>>> > But otherwise, in the way you have it laid out (both SR options), the
two
>>> > would be identical. The "no ip source-route" command will kill ALL
source
>>> > routing. But if you wanted to be more granular and allow one type but
not
>>> > the other, the ACL approach would be the way to go, only denying one of
>>> > those.
>>> >
>>> > HTH,
>>> >
>>> >
>>> > Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713,
JNCIE
>>> > #153, CISSP, et al.
>>> > CCSI/JNCI-M/JNCI-J
>>> > VP - Technical Training - IPexpert, Inc.
>>> > IPexpert Sr. Technical Instructor
>>> >
>>> > A Cisco Learning Partner - We Accept Learning Credits!
>>> >
>>> > smorris@ipexpert.com
>>> >
>>> > Telephone: +1.810.326.1444
>>> > Fax: +1.810.454.0130
>>> > http://www.ipexpert.com
>>> >
>>> >
>>> > -----Original Message-----
>>> > From: nobody@groupstudy.com <mailto:nobody@groupstudy.com>
>>> [mailto:nobody@groupstudy.com] On Behalf Of
>>> > nagendra kumar
>>> > Sent: Friday, June 08, 2007 8:14 AM
>>> > To: ccielab@groupstudy.com <mailto:ccielab@groupstudy.com>
>>> > Subject: Source routed packet
>>> >
>>> > Hi All,
>>> >
>>> > To drop source routed packet, Is there any difference between
>>> configuring
>>> > "no ip source-route" command and using access-list as below,
>>> >
>>> > ip access-list extended SECURITY
>>> > deny ip any any option ssr
>>> > deny ip any any option lsr
>>> >
>>> > Regards,
>>> > Nagendra
>>> >
>>> >
>>> >
>>> > ---------------------------------
>>> > Luggage? GPS? Comic books?
>>> > Check out fitting gifts for grads at Yahoo! Search.
>>> >
>>> > _______________________________________________________________________
>>> > Subscription information may be found at:
>>> > http://www.groupstudy.com/list/CCIELab.html
>>> >
>>> > _______________________________________________________________________
>>> > Subscription information may be found at:
>>> > http://www.groupstudy.com/list/CCIELab.html
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Sun Jul 01 2007 - 17:24:49 ART