Re: IP Inspection

Discussion in 'Cisco' started by bod43, Sep 8, 2010.

  1. bod43

    bod43 Guest

    On 8 Sep, 02:48, "" <>
    wrote:
    > On Sep 7, 7:13 pm, bod43 <> wrote:
    > I don't recognize this output.  What command did you issue to generate
    > this?


    Sorry I meant to post the command and forgot.

    sh int switching

    As regards forwarding performance
    it doesn't matter which fast switching method is in use,
    CEF, Netflow, Fast Switching, others mostly obsolete.

    The sh int switching does not distinguish and
    lumps all fast switching types together. Which is
    what you want:)

    > Can you please explain why applying "ip inspect myfw out" to the
    > outside interface is better than "ip inspect myfw in" on the inside
    > interface?


    I don't know. I think I know what applying an
    inspect statement to the outside interface means,
    but I have no idea what applying it to an inside
    interface will mean. I would apply it to the outside interface.

    The inspect process does two things.

    1.
    Makes temporary holes in the inbound access-list
    to allow the return traffic.

    2.
    "Inspects" the traffic. I have no real idea what this
    amounts to on a Cisco router.

    Oh yes. I was guessing about 12.3T so it does not
    matter much whether it is after 12.3 or not.

    It happens that it is after. In general the T (Technology)
    train has all the new stuff that eventually ends up
    in the next main release.

    12.2T --> 12.3 mainline
    12.3T --> 12.4 mainline
    12.4T --> 15 mainline

    The mainline software is effectively frozen
    apart from bug fixes and all new hardware
    and software features end up in the T.

    The other weird releases are generally
    designed to get specific hardware or software
    features out the door and end up folded back
    into the T train quite quickly.

    There are a couple of exceptions.

    An example is that the "Switches" tend to use
    different releases.

    For the most stable software for routers, use
    mainline if you can, T if you
    need the features and avoid any others
    if at all possible.

    For switches go with the flow. There is no alternative:)
     
    bod43, Sep 8, 2010
    #1
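
The arrangement described in the post (outbound inspection on the outside interface, with an inbound access-list that the inspect process opens temporarily for return traffic), written out as an added example that is not part of the original thread. The rule name `myfw` comes from the thread; the interface name, the access-list name and the list of inspected protocols are assumptions.

```cisco
! Inspection rule: which protocols get tracked (protocol list is an assumption)
ip inspect name myfw tcp
ip inspect name myfw udp
ip inspect name myfw icmp
!
! Inbound ACL on the outside interface: nothing unsolicited is allowed in.
! Return traffic for sessions started from inside passes only because the
! inspect process opens a temporary hole for each tracked session.
ip access-list extended OUTSIDE-IN
 deny ip any any log
!
! Outside interface (name is an assumption)
interface FastEthernet0/0
 description Outside
 ip access-group OUTSIDE-IN in
 ! Inspect sessions as they leave through this interface
 ip inspect myfw out
!
! Checks after applying:
!   show ip inspect sessions      lists the sessions currently tracked
!   show ip inspect interfaces    shows which rule is applied where, and in which direction
!   show access-lists OUTSIDE-IN  shows hit counts on the deny entry
```

With the inbound ACL removed there is nothing for the temporary holes to open, so the deny entry is what makes the inspection rule act as a firewall.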