I know Cory, but it still only checks on the destination address. If an
extended access list has been configured to allow ping only, once a ping has
been made, an entry has been created in the MLS cache, and from there on the
access list is not worth anything, because the MLS-SE will allow anything
through directly to the destination, because the extended access list which
is at the MLS-RP doesn't see anymore data to that destination.
I'm a bit confused here.
Thanks,
Ole
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Ole Drews Jensen
Systems Network Manager
CCNA, MCSE, MCP+I
RWR Enterprises, Inc.
[EMAIL PROTECTED]
http://www.oledrews.com/ccnp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-----Original Message-----
From: Stull, Cory [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 25, 2000 2:33 PM
To: 'Ole Drews Jensen'
Cc: '[EMAIL PROTECTED]'
Subject: RE: BCMSN: Flow Masks
Ole,
If you have an extended access-list setup it might be needing more info than
just the destination IP address. You may be filtering on a source address
or something. This is why your flow would change.
Cory
-----Original Message-----
From: Ole Drews Jensen [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 25, 2000 11:48 AM
To: '[EMAIL PROTECTED]'
Subject: BCMSN: Flow Masks
I can understand that even though you use a full IP flow for the flow masks,
the switch only looks at the destination IP in the MLS cache before
forwarding the packet. The flow masks are not used to check the cache, but
to determine how much information to put in the cache.
My question is, why would you use the full IP flow or IP source/destination
flow instead of only IP destination when it only looks at the destination no
matter what ???
Thanks,
Ole
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Ole Drews Jensen
Systems Network Manager
CCNA, MCSE, MCP+I
RWR Enterprises, Inc.
[EMAIL PROTECTED]
http://www.oledrews.com/ccnp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
**NOTE: New CCNA/CCDA List has been formed. For more information go to
http://www.groupstudy.com/list/Associates.html
_________________________________
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
**NOTE: New CCNA/CCDA List has been formed. For more information go to
http://www.groupstudy.com/list/Associates.html
_________________________________
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
