From: Frank K. Lu (fclu@xxxxxxxxxxxxx)
Date: Tue May 16 2000 - 11:10:39 GMT-3
Sorry Kevin... Didn't pay attention on the ACL number... I see what you are say
ing. Good question, sorry no answer for you.
-Frank
"Frank K. Lu" wrote:
> Kevin,
>
> I though "-1" should be "all network", not the protocol type.
>
> -Frank
>
> Kevin Young wrote:
>
> > Hi, everyone, there is a ipx access-list question puzzled me:
> > caslow'book said, create a ipx dialer-list to block rip and sap traffic,
> > access-list 901 deny -1 ffffffff 0 ffffffff rip
> > access-list 901 deny -1 ffffffff 0 ffffffff sap
> > dialer-list 1 protocol ipx permit list 901
> > '-1' means all protocol types, '0'means all sources sockets, 'rip' and 'sap
' mean destination sockets.
> > but also the book said: setting the protocol to '0' means an undefined prot
ocol,refer to the socket number to determine the packet type. so I think it sho
uld be:
> > access-list 901 deny 0 ffffffff 0 ffffffff rip
> > access-list 901 deny 0 ffffffff 0 ffffffff sap
> > access-list 901 permit -1 any 0 any 0
> > dialer-list 1 protocol ipx permit list 901
> > What do you think? What's the difference?
> >
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:23:29 GMT-3