Hi George Thanks for the detailed reply so traffic generated from the router will always get marked but traffic going through (cef) the router would not? Will lab it later...
WRT defining the de-list where I say match "ip" from access list "101" how does this ignore the "deny www" traffic would matching "ip" not automatically match any www traffic too? Or would the "deny www" explicitly not set the de bit for this traffic , struggling to understand this bit (pardon pun) -- BR Tony Sent from my iPhone on 3 On 7 Oct 2012, at 16:22, George Leslie <[email protected]> wrote: > Hi Tony, > I don't have the lab book in front of me, so this is from memory!! > > Your config will set the DE bit in the frame relay frame, for all IP packets, > other than HTTP packets, sent out DLCI 205 or 206. > > You need the second deny as the HTTP packets could either be heading out > towards a server, or coming back from a server. If the task does not state > where the http server is, then you need to accound for both. > > First deny would be outbound towards a server that lives the other side of > the frame network; second deny would mean the server is on your side of the > frame network. > > There is a slight gotcha with this command, that came up on this forum last > year. This command actually only works for packets that are process > switched, not CEF or fast switches. So, in the real lab, this is an "ask the > proctor moment", as disabling CEF on the interface may disable other > necessary functions. > > So, you'd have to ask the proctor if they are only looking for the command in > the config, or if you should be using MQC syntax to achieve the same thing. > > HTH, George. > > > Date: Sun, 7 Oct 2012 04:06:59 +0100 > > From: [email protected] > > To: [email protected] > > Subject: [OSL | CCIE_RS] V1 task 6.16 FR > > > > Hi > > > > Sorry for the dumb question but I'm struggling to understand the logic when > > de bit is set to on for the following traffic.... > > > > frame-relay de-list 1 protocol ip list 101 > > > > frame-relay de-group 1 205 > > frame-relay de-group 1 206 > > > > access-list 101 deny tcp any any eq www > > access-list 101 deny tcp any eq www any > > access-list 101 permit ip any any > > > > i.e de bit set to on, on the frame-relay frame > we mark the ip packets for > > de > passed to service provider who can discard at times of congestion > > > > how is deny tcp www "allowed on the CIR" against this de-list using this > > reverse logic, how does this work technically? is it that de-list looks for > > only a permit statement in the referenced acl & any deny it ignores? > > > > and why do we use the second acl statement, is this not covered by the > > first acl statement? > > > > BR > > > > Tony > > _______________________________________________ > > For more information regarding industry leading CCIE Lab training, please > > visit www.ipexpert.com > > > > Are you a CCNP or CCIE and looking for a job? Check out > > www.PlatinumPlacement.com > > > > http://onlinestudylist.com/mailman/listinfo/ccie_rs _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com http://onlinestudylist.com/mailman/listinfo/ccie_rs
