Hi All,

I am familiar with the way ACLs treat fragments and I was wondering what is the consensus - should fragments be explicitly denied on ACLs?

Should PMTUD work to the point that legitimate traffic is rarely if ever fragmented and therefore layer 3 ACLs should be duplicated to a point that a second entry exists for fragments also? I know that without the initial fragment, non-initial fragments can't be reassembled on the inside host, but who needs these fragments on their network to begin with, causing additional overhead?

Your thoughts?

Ben
