[c-nsp] block TCP/UDP ports in GRE tunnel
Oliver Boehmer (oboehmer)
oboehmer at cisco.com
Mon Feb 19 09:21:48 EST 2007
Hmm, not sure I understand. The "fragment" keyword is supported on ACLs
on this platform, so not really sure which command you're referring to.
Can you please show the ACL you're trying to apply and specify what
doesn't work exactly?
oli
________________________________
From: Vikas Sharma [mailto:vikassharmas at gmail.com]
Sent: Monday, February 19, 2007 3:05 PM
To: Oliver Boehmer (oboehmer); cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] block TCP/UDP ports in GRE tunnel
Hi Oli,
My IOS version is
ROM: System Bootstrap, Version 12.2(17r)S2, RELEASE SOFTWARE (fc1)
BOOTLDR: s72033_rp Software (s72033_rp-PK9SV-M), Version 12.2(17d)SXB1,
RELEASE SOFTWARE (fc2)
It does not support commands to pass the fragmented packets. Which IOS
should I use?
Regards
Vikas Sharma
On 2/19/07, Oliver Boehmer (oboehmer) <oboehmer at cisco.com> wrote:
Vikas Sharma <mailto:vikassharmas at gmail.com> wrote on Monday, February 19, 2007 8:02 AM:
> Hi,
>
> Here the only problem is any packet with MTU size more than interface
> MTU will be dropped because of fragmentation. By default ACL does not
> allow fragmented packets.
Take a look at http://www.cisco.com/warp/public/105/acl_wp.html to see
how ACLs deal with fragmented packets. Maybe you can find a way to
achieve your goal, this highly depends on how your ACL looks like.
oli
>
> On 2/18/07, Oliver Boehmer (oboehmer) <oboehmer at cisco.com> wrote:
>
> Vikas Sharma <> wrote on Sunday, February 18, 2007 4:14 PM:
>
> > Hi,
> >
> > I have a query, is it possible to block specific TCP/UDP ports in
> > GRE tunnel?
>
> applying an ACL to the tunnel interface doesn't work?
>
> oli