Re: Extended ACL to permit GRE traffic..

From: Scott Morris <smorris_at_ine.com>
Date: Mon, 01 Mar 2010 10:09:32 -0500

 Good point... Someone has to work to pay for all the "improvements",
right?

ccie study wrote:

  1.1c after taxes!? Where is your health care cut ? :) more like -1.1c, then
  again - if you live in canada -1.2c!
  
  ;)

    Date: Mon, 1 Mar 2010 08:37:59 -0500
    From: smorris_at_ine.com
    To: Jitendra.Anbu_at_optus.com.au
    CC: martin.john.hogan_at_gmail.com; ccielab_at_groupstudy.com
    Subject: Re: Extended ACL to permit GRE traffic..
    
     It may be too much in the morning for me (pre-caffeine) but I didn't
    read Martin's e-mail as anything from atop a pedestal. Most of the time,
    when questions come up, they can be approached from a very simple thought
    process.
    
    Which, this whole thing with routers and switches... Once we start
    understanding HOW they think, then most things become much easier to work
    through. Workbooks are great, but don't come up with every single
    variant! So someplace along the way, we need to learn to think like the
    routers and switches do.
    
    So, the valid question is can I use "permit ip" in an ACL? Sure. But
    why?
    
    What about "permit gre"? That's more specific, but again, why? BECAUSE
    (as another e-mail listed) the GRE protocol is IP protocol 47. Which
    means GRE is a subset of IP. Permitting the larger list/set will always
    permit the subsets.
    
    So, concentrating on the answer of WHY is where we get the learning
    from. Granted, Martin wasn't very verbose in his note (grin), but at
    least in my opinion, he wasn't trying to deride or insult anyone.
    
    The problem with e-mail is that it doesn't carry much of a sense of humor
    with it. Let's not read more into things than was actually there though.
    
    My two cents. (Which after taxes is only likely to be 1.1 cents these
    days!)
    
    Scott Morris, CCIEx4 (R&S/ISP-Dial/Security/Service Provider) #4713,
    CCDE #2009::D, JNCIE-M #153, JNCIS-ER, CISSP, et al.
    JNCI-M, JNCI-ER
    evil_at_ine.com
    Internetwork Expert, Inc.
    http://www.InternetworkExpert.com
    Toll Free: 877-224-8987
    Outside US: 775-826-4344
    
    Knowledge is power.
    Power corrupts.
    Study hard and be Eeeeviiiil......
    
    Jitendra Anbu wrote:
    
      Sorry Martin I think you were out of line with your approach! You & some
      others who subscribe in this e-mail group need to come down from your
      pedestal.
    
      ________________________________
      From: Martin Hogan [ martin.john.hogan_at_gmail.com ]
      Sent: Monday, 1 March 2010 7:24 PM
      To: Jitendra Anbu
      Cc: CCIE R/S, Groupstudy
      Subject: Re: Extended ACL to permit GRE traffic..
    
      Hi Jit,
    
      I was going for the "teach a man to fish" rather than give him a fish
      approach.
    
      So yes, I was trying to help more than simply typing out an answer. I like to
      think that CCIE's or people who aspire to be would or should be interested in
      the how and why things work as they do rather than just the answer.
    
      Glad you got what you were after.
    
      Martin
    
      On Mon, Mar 1, 2010 at 7:11 PM, Jitendra Anbu
      <Jitendra.Anbu_at_optus.com.au> wrote:

      Martin, I am not sure whether you're trying to help or just making us guess
      what you know????
    
      My understanding was that GRE would be automatically permitted if I permit IP
      - that's it.
    
      If that's not the case I was expecting someone to tell me.
      ________________________________
      From: Martin Hogan [ martin.john.hogan_at_gmail.com ]
      Sent: Monday, 1 March 2010 2:06 PM
      To: Jitendra Anbu
      Cc: CCIE R/S, Groupstudy
      Subject: Re: Extended ACL to permit GRE traffic..
    
      Think back to basics;
    
      What is IP?
      What is GRE?
    
      How do they work (together?)?
    
      On Mon, Mar 1, 2010 at 1:49 PM, Jitendra Anbu
      <Jitendra.Anbu_at_optus.com.au> wrote:

      Hi All,
    
      If you create an Extended ACL as;
    
      ip access-list extended TUNNEL
      permit ip host 203.208.174.93 host 85.115.65.7
    
      Would this permit GRE traffic - for example?
    
      OR
    
      do I need this to permit GRE;
    
      ip access-list extended TUNNEL
      permit gre host 203.208.174.93 host 85.115.65.7
    
      Thank you.
    
      Blogs and organic groups at http://www.ccie.net
      _______________________________________________________________________
      Subscription information may be found at:
      http://www.groupstudy.com/list/CCIELab.html

Received on Mon Mar 01 2010 - 10:09:32 ART

This archive was generated by hypermail 2.2.0 : Thu Apr 01 2010 - 07:26:34 ART
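
Added example, not part of the original thread: a small Python model of how an extended ACL entry compares its protocol keyword with the protocol field of the IP header, run over the two ACLs from the original question. The keyword table, the function names and the parser that accepts only the `host A host B` form are assumptions made for this illustration; IOS itself accepts far more syntax.

```python
import ipaddress

# IANA protocol numbers for a few IOS keywords; "ip" means any protocol.
PROTO = {"icmp": 1, "tcp": 6, "udp": 17, "gre": 47, "esp": 50}

def proto_number(word):
    if word == "ip":
        return None                      # wildcard: every IP protocol
    if word.isdigit() and 0 <= int(word) <= 255:
        return int(word)                 # numeric protocol, e.g. "permit 47"
    return PROTO[word]

def parse_acl(text):
    """Parse 'permit|deny <proto> host A host B' lines (the form used in the thread)."""
    entries = []
    for line in text.strip().splitlines():
        tok = line.split()
        if tok[:2] == ["ip", "access-list"]:
            continue                     # ACL header line
        action, proto, kw1, src, kw2, dst = tok
        if action not in ("permit", "deny") or (kw1, kw2) != ("host", "host"):
            raise ValueError(f"unsupported entry: {line!r}")
        entries.append((action, proto_number(proto),
                        ipaddress.ip_address(src), ipaddress.ip_address(dst)))
    return entries

def evaluate(entries, src, dst, proto):
    """First matching entry wins; no match falls through to the implicit deny."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, p, s, d in entries:
        if p in (None, proto) and (s, d) == (src, dst):
            return action
    return "deny"

def permitted(acl_text, src, dst):
    """Names of the sample protocols the ACL lets through from src to dst."""
    entries = parse_acl(acl_text)
    return sorted(n for n, num in PROTO.items()
                  if evaluate(entries, src, dst, num) == "permit")

# The two ACLs from the original question.
ACL_IP = """ip access-list extended TUNNEL
 permit ip host 203.208.174.93 host 85.115.65.7"""
ACL_GRE = """ip access-list extended TUNNEL
 permit gre host 203.208.174.93 host 85.115.65.7"""

if __name__ == "__main__":
    for name, acl in (("permit ip", ACL_IP), ("permit gre", ACL_GRE)):
        print(name, "->", permitted(acl, "203.208.174.93", "85.115.65.7"))
```

Both ACLs pass the GRE tunnel; `permit ip` additionally passes every other protocol between the two hosts, while `permit gre` limits the entry to protocol 47.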