With "permit/deny <L4 protocol> <ip range > <ip range> fragments", if there is a packet that is a non-initial packet which doesn't have the l4 information then what will the router?
Permit "permit/deny <L4 protocol> <ip range > <ip range> fragments" ---> Allows the packets checking, if the l3 info matches deny <L4 protocol> <ip range > <ip range> fragments -> Even, if the l3 info matches, the routes is checked for the next ACL statement and not denied. With regards Kings On Fri, Jul 9, 2010 at 9:19 AM, Yogesh Gawankar <[email protected]> wrote: > Hi All > > IS there any difference in the following 2 ACEs > > permit/deny <L4 protocol> <ip range > <ip range> fragments > and permit/deny ip <ip range> <ip range> fragments, > > Arent they both going to act the same on any non-intial fragmented > packets? > > ALso if we specify some port information in the L4 ACE does it allow us to > still specify the fragments keyword? > > Thanks and regards > > Yogesh > > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
