RE: Extended ACL to permit GRE traffic.. from ccie study on 2010-03-01 (Ccielab archives 03/2010)

From: ccie study <cciestudy_at_hotmail.com>
Date: Mon, 1 Mar 2010 14:19:54 +0000

1.1c after taxes!? Where is your health care cut ? :) more like -1.1c, then
again - if you live in canada -1.2c!

;)

> Date: Mon, 1 Mar 2010 08:37:59 -0500
> From: smorris_at_ine.com
> To: Jitendra.Anbu_at_optus.com.au
> CC: martin.john.hogan_at_gmail.com; ccielab_at_groupstudy.com
> Subject: Re: Extended ACL to permit GRE traffic..
>
> It may be too much in the morning for me (pre-caffeine) but I didn't
> read Martin's e-mail as anything from atop a pedestal. Most of the time,
> when questions come up, they can be approached from a very simple thought
> process.
>
> Which, this whole thing with routers and switches... Once we start
> understanding HOW they think, then most things become much easier to work
> through. Workbooks are great, but don't come up with every single
> variant! So someplace along the way, we need to learn to think like the
> routers and switches do.
>
> So, the valid question is can I use "permit ip" in an ACL? Sure. But
> why?
>
> What about "permit gre"? That's more specific, but again, why? BECAUSE
> (as another e-mail listed) the GRE protocol is IP protocol 47. Which
> means GRE is a subset of IP. Permitting the larger list/set will always
> permit the subsets.
>
> So, concentrating on the answer of WHY is where we get the learning
> from. Granted, Martin wasn't very verbose in his note (grin), but at
> least in my opinion, he wasn't trying to deride or insult anyone.
>
> The problem with e-mail is that it doesn't carry much of a sense of humor
> with it. Let's not read more into things than was actually there though.
>
> My two cents. (Which after taxes is only likely to be 1.1 cents these
> days!)
>
> Scott Morris, CCIEx4 (R&S/ISP-Dial/Security/Service Provider) #4713,
>
> CCDE #2009::D, JNCIE-M #153, JNCIS-ER, CISSP, et al.
>
> JNCI-M, JNCI-ER
>
> evil_at_ine.com
>
> Internetwork Expert, Inc.
>
> http://www.InternetworkExpert.com
>
> Toll Free: 877-224-8987
>
> Outside US: 775-826-4344
>
> Knowledge is power.
>
> Power corrupts.
>
> Study hard and be Eeeeviiiil......
>
> Jitendra Anbu wrote:
>
> Sorry Martin I think you were out of line with your approach! You & some
> others who subscribe in this e-mail group need to come down from your
> pedestal.
>
> ________________________________
> From: Martin Hogan [ martin.john.hogan_at_gmail.com ]
> Sent: Monday, 1 March 2010 7:24 PM
> To: Jitendra Anbu
> Cc: CCIE R/S, Groupstudy
> Subject: Re: Extended ACL to permit GRE traffic..
>
> Hi Jit,
>
> I was going for the "teach a man to fish" rather than give him a fish
> approach.
>
> So yes, I was trying to help more than simply typing out an answer. I like
to
> think that CCIE's or people who aspire to be would or should be interested
in
> the how and why things work as they do rather than just the answer.
>
> Glad you got what you were after.
>
> Martin
>
> On Mon, Mar 1, 2010 at 7:11 PM, Jitendra Anbu
> < Jitendra.Anbu_at_optus.com.au <mailto:Jitendra.Anbu_at_optus.com.au> >
wrote:
> Martin, I am not sure whether you're trying to help or just making us
guess
> what you know????
>
> My understanding was that GRE would be automatically permitted if I permit
IP
> - that's it.
>
> If that's not the case I was expecting someone to tell me.
> ________________________________
> From: Martin Hogan
> [ martin.john.hogan_at_gmail.com <mailto:martin.john.hogan_at_gmail.com> ]
> Sent: Monday, 1 March 2010 2:06 PM
> To: Jitendra Anbu
> Cc: CCIE R/S, Groupstudy
> Subject: Re: Extended ACL to permit GRE traffic..
>
> Think back to basics;
>
> What is IP?
> What is GRE?
>
> How do they work (together?)?
>
> On Mon, Mar 1, 2010 at 1:49 PM, Jitendra Anbu
> < Jitendra.Anbu_at_optus.com.au <mailto:Jitendra.Anbu_at_optus.com.au> >
wrote:
> Hi All,
>
> If you create a Extended ACL as;
>
> ip access-list extended TUNNEL
> permit ip host 203.208.174.93 host 85.115.65.7
>
> Would this permit GRE traffic - for example?
>
> OR
>
> do I need this to permit GRE;
>
> ip access-list extended TUNNEL
> permit gre host 203.208.174.93 host 85.115.65.7
>
> Thank you.
>
> Blogs and organic groups at http://www.ccie.net <http://www.ccie.net/>
> _______________________________________________________________________
> Subscription information may be found at:
http://www.groupstudy.com/list/CCIELab.html
>
> Blogs and organic groups at http://www.ccie.net
> _______________________________________________________________________
> Subscription information may be found at:
http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
Received on Mon Mar 01 2010 - 14:19:54 ART

This archive was generated by hypermail 2.2.0 : Thu Apr 01 2010 - 07:26:34 ART