From: Mohamed Tandou (dtandou@gmail.com)
Date: Fri Sep 12 2008 - 10:41:47 ART
Hello GS,
I was reading the Doc CD about fragments. Here is what they say in their example:
The first statement will match and deny only noninitial fragments destined
for host 1.1.1.1.
The second statement will match and permit only the remaining nonfragmented
and initial fragments that are destined for host 1.1.1.1 TCP port 80.
The third statement will deny all other traffic. In order to block
noninitial fragments for any TCP port, we must block noninitial fragments
for all TCP ports, including port 80 for host 1.1.1.1.
access-list 101 deny ip any host 1.1.1.1 fragments
access-list 101 permit tcp any host 1.1.1.1 eq 80
access-list 101 deny ip any any
My question is: do we have to specify port 80? In one of the
InternetworkExpert labs they did not specify port 80. Maybe it was a different
scenario, I don't know. Can someone shed some light on it for me?
Thanks
Mohamed
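
Added example (not part of the original message or of the Cisco documentation): a small Python model of how an extended ACL evaluates IP fragments, run against the three-line ACL quoted above, with and without its first line. The matching rules follow Cisco's documented behaviour for the fragments keyword; the class names, sample packets and fragment offset are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Ace:
    action: str                  # "permit" or "deny"
    proto: str                   # "ip" matches any protocol
    dst: Optional[str] = None    # None means "any"
    dport: Optional[int] = None  # Layer 4 match ("eq <port>")
    fragments: bool = False      # the "fragments" keyword

@dataclass
class Packet:
    proto: str
    dst: str
    dport: Optional[int]         # None on noninitial fragments (no TCP header)
    frag_offset: int = 0         # > 0 means noninitial fragment

def evaluate(acl, pkt):
    noninitial = pkt.frag_offset > 0
    for ace in acl:
        # Layer 3 part: protocol and destination address.
        if ace.proto not in ("ip", pkt.proto) or ace.dst not in (None, pkt.dst):
            continue
        if ace.fragments:            # matches noninitial fragments only
            if noninitial:
                return ace.action
            continue
        if ace.dport is None:        # L3-only entry matches every packet
            return ace.action
        if noninitial:               # L4 entry, but no port to compare:
            if ace.action == "permit":
                return "permit"      # a permit entry lets the fragment in
            continue                 # a deny entry falls through to the next line
        if pkt.dport == ace.dport:
            return ace.action
    return "deny"                    # implicit deny at the end of every ACL

ACL_101 = [
    Ace("deny", "ip", "1.1.1.1", fragments=True),  # ... host 1.1.1.1 fragments
    Ace("permit", "tcp", "1.1.1.1", dport=80),     # ... host 1.1.1.1 eq 80
    Ace("deny", "ip"),                             # deny ip any any
]

def verdicts(acl):
    samples = {  # constructed sample packets
        "initial_or_whole_80": Packet("tcp", "1.1.1.1", 80),
        "noninitial": Packet("tcp", "1.1.1.1", None, frag_offset=185),
        "port_22": Packet("tcp", "1.1.1.1", 22),
    }
    return {name: evaluate(acl, pkt) for name, pkt in samples.items()}
```

Calling verdicts(ACL_101[1:]) drops the first line of the ACL; the noninitial fragment is then permitted by the port 80 entry, because only the Layer 3 part of that entry can be checked against it.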