Re: IPX access-list

From: Frank K. Lu (fclu@xxxxxxxxxxxxx)
Date: Tue May 16 2000 - 10:51:38 GMT-3

• Next message: Frank K. Lu: "Re: IPX access-list"
• Previous message: Frank K. Lu: "Re: TR VLANs"
• Maybe in reply to: Kevin Young: "IPX access-list"
• Next in thread: Frank K. Lu: "Re: IPX access-list"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
Kevin,

    I though "-1" should be "all network", not the protocol type.

-Frank

Kevin Young wrote:

> Hi, everyone, there is a ipx access-list question puzzled me:
> caslow'book said, create a ipx dialer-list to block rip and sap traffic,
> access-list 901 deny -1 ffffffff 0 ffffffff rip
> access-list 901 deny -1 ffffffff 0 ffffffff sap
> dialer-list 1 protocol ipx permit list 901
> '-1' means all protocol types, '0'means all sources sockets, 'rip' and 'sap'
mean destination sockets.
> but also the book said: setting the protocol to '0' means an undefined protoc
ol,refer to the socket number to determine the packet type. so I think it shoul
d be:
> access-list 901 deny 0 ffffffff 0 ffffffff rip
> access-list 901 deny 0 ffffffff 0 ffffffff sap
> access-list 901 permit -1 any 0 any 0
> dialer-list 1 protocol ipx permit list 901
> What do you think? What's the difference?
>

• Next message: Frank K. Lu: "Re: IPX access-list"
• Previous message: Frank K. Lu: "Re: TR VLANs"
• Maybe in reply to: Kevin Young: "IPX access-list"
• Next in thread: Frank K. Lu: "Re: IPX access-list"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:23:29 GMT-3