re: Apple: Tunnel: access lists where do you place them ?

From: zyz (zyz98@xxxxxxxxxxxxx)
Date: Sun Aug 29 1999 - 22:44:27 GMT-3

• Next message: Vincent Fortunato: "RE: Apple: Tunnel: access lists where do you place them ?"
• Previous message: Jason Aarons: "Apple: Tunnel: access lists where do you place them ?"
• Maybe in reply to: Jason Aarons: "Apple: Tunnel: access lists where do you place them ?"
• Next in thread: Vincent Fortunato: "RE: Apple: Tunnel: access lists where do you place them ?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
if u want to filter route, u should use "apple distribute-list 689 in(out)".
apple access-group 689 is used to filter packet like ip access-group xxx for
ip packet. so u still can see the route. but if u ping them, ping will fail.
---zyz

jason wrote:

>How should apple/ip access-lists be used with Tunnels ?
>
>I'm trying to block other zones from crossing my Tunnel but not having any
>luck. If I place the "appletalk access-group 689 out" on the tunnel
>interface it is lost when I wr mem and reload.
>
>If I put the access-group on the Tunnel interface I still see
networks/zones
>I'm trying to filter - jason
>
>PS Connecitvity is great, just passing more zones that I want to.
>
>
>appletalk routing
>hostname milan
>!
>interface Tunnel0
>no ip address
>tunnel source Ethernet0
>tunnel destination 192.168.3.2
>tunnel mode cayman
>!
>interface Ethernet0
>ip address 207.87.253.1 255.255.255.0
>appletalk cable-range 250-259 256.143
>appletalk zone milan <---There are lots of other zones on E0
>appletalk access-group 689 out <I've also tried in>
>!
>access-list 689 permit zone milan
>access-list 689 deny additional-zones
>access-list 689 permit cable-range 250-259
>access-list 689 deny other-access
>Milan#show apple route
>Codes: R - RTMP derived, E - EIGRP derived, C - connected, A - AURP
> S - static P - proxy
>5 routes in internet. Up to 2 parallel paths allowed.
>
>The first zone listed for each entry is its default (primary) zone.
>
>C Net 100-105 directly connected, Serial0, zone leftserial
>C Net 106-110 directly connected, Serial1, zone rightserial
>R Net 120-120 [1/G] via 100.2, 3 sec, Serial0, zone ethernet
>C Net 250-259 directly connected, Ethernet0, zone milan
>R Net 260-269 [1/G] via 0.0, 0 sec, Tunnel0, zone paris
>
>
>
>
>
>hostname Paris
>appletalk routing
>!
>interface Vlan908
>ip address 192.168.3.2 255.255.255.0
>appletalk cable-range 260-269 263.5
>appletalk zone paris
>appletalk access-group 689 in
>!
>access-list 689 permit zone milan
>access-list 689 deny additional-zones
>access-list 689 permit cable-range 250-259
>access-list 689 deny other-access
>!
>Paris#show apple route
>Codes: R - RTMP derived, E - EIGRP derived, C - connected, A - AURP
> S - static P - proxy
>5 routes in internet
>
>The first zone listed for each entry is its default (primary) zone.
>
>R Net 100-105 [1/G] via 0.0, 9 sec, Tunnel0, zone leftserial
>R Net 106-110 [1/G] via 0.0, 9 sec, Tunnel0, zone rightserial
>R Net 120-120 [2/G] via 0.0, 9 sec, Tunnel0, zone ethernet
>R Net 250-259 [1/G] via 0.0, 9 sec, Tunnel0, zone milan
>C Net 260-269 directly connected, Vlan908, zone paris
>c55K_RSM_Top#
>

• Next message: Vincent Fortunato: "RE: Apple: Tunnel: access lists where do you place them ?"
• Previous message: Jason Aarons: "Apple: Tunnel: access lists where do you place them ?"
• Maybe in reply to: Jason Aarons: "Apple: Tunnel: access lists where do you place them ?"
• Next in thread: Vincent Fortunato: "RE: Apple: Tunnel: access lists where do you place them ?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:21:47 GMT-3