Apple: Tunnel: access lists where do you place them ?

From: Jason Aarons (jaarons@xxxxxxxxxxx)
Date: Sun Aug 29 1999 - 19:01:40 GMT-3

• Next message: zyz: "re: Apple: Tunnel: access lists where do you place them ?"
• Previous message: Fred Ingham: "Re: Lab question"
• Next in thread: zyz: "re: Apple: Tunnel: access lists where do you place them ?"
• Maybe reply: zyz: "re: Apple: Tunnel: access lists where do you place them ?"
• Maybe reply: Vincent Fortunato: "RE: Apple: Tunnel: access lists where do you place them ?"
• Maybe reply: Jason Aarons: "RE: Apple: Tunnel: access lists where do you place them ?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
How should apple/ip access-lists be used with Tunnels ?

I'm trying to block other zones from crossing my Tunnel but not having any
luck. If I place the "appletalk access-group 689 out" on the tunnel
interface it is lost when I wr mem and reload.

If I put the access-group on the Tunnel interface I still see networks/zones
I'm trying to filter - jason

PS Connecitvity is great, just passing more zones that I want to.

appletalk routing
hostname milan
!
interface Tunnel0
no ip address
tunnel source Ethernet0
tunnel destination 192.168.3.2
tunnel mode cayman
!
interface Ethernet0
ip address 207.87.253.1 255.255.255.0
appletalk cable-range 250-259 256.143
appletalk zone milan <---There are lots of other zones on E0
appletalk access-group 689 out <I've also tried in>
!
access-list 689 permit zone milan
access-list 689 deny additional-zones
access-list 689 permit cable-range 250-259
access-list 689 deny other-access
Milan#show apple route
Codes: R - RTMP derived, E - EIGRP derived, C - connected, A - AURP
       S - static P - proxy
5 routes in internet. Up to 2 parallel paths allowed.

The first zone listed for each entry is its default (primary) zone.

C Net 100-105 directly connected, Serial0, zone leftserial
C Net 106-110 directly connected, Serial1, zone rightserial
R Net 120-120 [1/G] via 100.2, 3 sec, Serial0, zone ethernet
C Net 250-259 directly connected, Ethernet0, zone milan
R Net 260-269 [1/G] via 0.0, 0 sec, Tunnel0, zone paris

hostname Paris
appletalk routing
!
interface Vlan908
ip address 192.168.3.2 255.255.255.0
appletalk cable-range 260-269 263.5
appletalk zone paris
appletalk access-group 689 in
!
access-list 689 permit zone milan
access-list 689 deny additional-zones
access-list 689 permit cable-range 250-259
access-list 689 deny other-access
!
Paris#show apple route
Codes: R - RTMP derived, E - EIGRP derived, C - connected, A - AURP
       S - static P - proxy
5 routes in internet

The first zone listed for each entry is its default (primary) zone.

R Net 100-105 [1/G] via 0.0, 9 sec, Tunnel0, zone leftserial
R Net 106-110 [1/G] via 0.0, 9 sec, Tunnel0, zone rightserial
R Net 120-120 [2/G] via 0.0, 9 sec, Tunnel0, zone ethernet
R Net 250-259 [1/G] via 0.0, 9 sec, Tunnel0, zone milan
C Net 260-269 directly connected, Vlan908, zone paris
c55K_RSM_Top#

• Next message: zyz: "re: Apple: Tunnel: access lists where do you place them ?"
• Previous message: Fred Ingham: "Re: Lab question"
• Next in thread: zyz: "re: Apple: Tunnel: access lists where do you place them ?"
• Maybe reply: zyz: "re: Apple: Tunnel: access lists where do you place them ?"
• Maybe reply: Vincent Fortunato: "RE: Apple: Tunnel: access lists where do you place them ?"
• Maybe reply: Jason Aarons: "RE: Apple: Tunnel: access lists where do you place them ?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:21:47 GMT-3