RE: IEWB Lab13 Vol 2 - Task 7.1

From: Scott Morris (smorris@internetworkexpert.com)
Date: Wed Jan 28 2009 - 22:45:26 ARST

• Next message: walkingwithcisco: "Khawar Butt CCIE RS Workbook"
• Previous message: joe_astorino@comcast.net: "Re: CCIE Certified #23326"
• Maybe in reply to: Sharma, Praveen: "IEWB Lab13 Vol 2 - Task 7.1"
• Next in thread: Darby Weaver: "Re: IEWB Lab13 Vol 2 - Task 7.1"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

If we are talking about things directed towards the router itself COPP would
be a good solution for stuff. In this particular instance (no worries as
you couldn't see the context of the task!) it's talking about things passing
THROUGH the router towards the hosts, but also talking about things denied
by an interface ACL.

So the "no ip unreachables" would be a much simpler and accurate solution to
that particular part.

On the other hand COPP is a very good thing to at least be familiar with
along the way! ;) Beats being surprised sometime!

Scott Morris, CCIE4 #4713, JNCIE-M #153, JNCIS-ER, CISSP, et al.
JNCI-M/JNCI-ER
Senior CCIE Instructor

smorris@internetworkexpert.com
 

Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987
Outside US: 775-826-4344

Knowledge is power.
Power corrupts.
Study hard and be Eeeeviiiil......

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Jared Scrivener
Sent: Wednesday, January 28, 2009 4:28 PM
To: 'Sharma, Praveen'; ccielab@groupstudy.com
Subject: RE: IEWB Lab13 Vol 2 - Task 7.1

Hey Praveen,

I'm not familiar with IE's labs, but generally if you see a reference to
"silently discarding packets" you are probably being directed to use
control-plane policing with the silent discard feature. This is enabled
automatically if you are using outbound control-plane policing.

Silent discarding is generally used to ensure that messages aren't being
sent back to the sender of denied packets. This is done to help avoid
network reconnaissance attacks.

Without seeing the specific question, that's the best suggestion I can
offer.

Cheers,

Jared Scrivener CCIE3 #16983 (R&S, Security, SP), CISSP
Technical Instructor - IPexpert, Inc.
Telephone: +1.810.326.1444
Fax: +1.810.454.0130
Mailto: jscrivener@ipexpert.com

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Sharma, Praveen
Sent: Wednesday, 28 January 2009 4:17 PM
To: ccielab@groupstudy.com
Subject: IEWB Lab13 Vol 2 - Task 7.1

Hi GS,

I got confused with this statement in access-list example

 "Silently Discard packet that denied".

To be more specific it is Vol II 4.1 Lab 13 7.1.

Thanks
Praveen

Blogs and organic groups at http://www.ccie.net

• Next message: walkingwithcisco: "Khawar Butt CCIE RS Workbook"
• Previous message: joe_astorino@comcast.net: "Re: CCIE Certified #23326"
• Maybe in reply to: Sharma, Praveen: "IEWB Lab13 Vol 2 - Task 7.1"
• Next in thread: Darby Weaver: "Re: IEWB Lab13 Vol 2 - Task 7.1"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Mar 01 2009 - 09:43:40 ARST