Re: ZBF same interface traffic ?

From: Carlos G Mendioroz (tron@huapi.ba.ar)
Date: Mon Nov 10 2008 - 12:01:17 ARST


Problem was discovered using 12.4(22)T on 2800.
I was unable to reproduce it on 12.4(9)T7 on 2600XM.

It is related somehow to same interface because it works if the same
(originally secondary) address is put on an if of its own.
And it is related to ZBF because it works w/o it.
But it may also be related to vlan interfaces... I'm working (low prio)
on duplicating the issue on a lab setup.

-Carlos

Diment, Andrew @ 10/11/2008 11:54 -0200 dixit:
> Carlos,
>
> What IOS version did not work and what did you upgrade to?
>
> Just curious.
>
> Thanks,
> Andy
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Carlos G Mendioroz
> Sent: Monday, November 10, 2008 3:32 AM
> To: Felix Nkansah
> Cc: Cisco certification
> Subject: Re: ZBF same interface traffic ?
>
>
> From this same article:
>
> Zone-Based Policy General Rules
>
> Router network interfaces' membership in zones is subject to several
> rules governing interface behavior, as is the traffic moving between
> zone member interfaces:
> ...
> Traffic is implicitly allowed to flow by default among interfaces that
> are members of the same zone.
>
> Nevertheless, I tested another IOS version and it works, so I guess I'm
> hitting a "hidden feature".
>
> -Carlos
>
> Felix Nkansah @ 9/11/2008 21:50 -0200 dixit:
>> Oh OK.
>>
>> I may have misconstrued some points being made in this article below
>>
>> http://www.cisco.com/en/US/docs/routers/access/cisco_router_and_security_device_manager/24/software/user/guide/ZPF.html
>>
>> See the 'Zone Pairs' section.
>>
>> Not ready to try your topology out now though.
>>
>> All the best.
>>
>>
>
> --
> Carlos G Mendioroz <tron@huapi.ba.ar> LW7 EQI Argentina

-- 
Carlos G Mendioroz  <tron@huapi.ba.ar>  LW7 EQI  Argentina

Blogs and organic groups at http://www.ccie.net



This archive was generated by hypermail 2.1.4 : Mon Dec 01 2008 - 08:18:30 ARST