From: Gerard Robinson (gerardrobinson@xxxxxxxxxxxxxx)
Date: Tue Jul 11 2000 - 07:31:25 GMT-3
To see if they work the same why not apply each access-list to an
interface or a dialer-list and then run deb ipx pack or deb dialer pack and
see if SAPs and RIPs and 457 get denied or they are interesting traffic for
an ISDN call. I do this a lot just to check that my access-list is working
properly, also deb ipx pack gives you the protocol number, dest address,
source address and both sockets so if your access-list is not working you
should be able to see why.
----- Original Message -----
From: Clifton Stewart <cliftonlstewart@home.com>
To: Chia Kim Seng, Sr Network Spec, SCS-Networks
<chiaks@scsnetworks.scs.com.sg>; <ccielab@groupstudy.com>
Sent: Tuesday, July 11, 2000 8:42 AM
Subject: IPX Access-list
> Chia,
>
> On the second version teh all keyword specifies all sockets (meaning
> match all wildcard sockets). The first one you deny any but you didn't
> explicitly deny all sockets.
>
> Clifton Stewart-CCNA, CCIE Candidate
>
> "Chia Kim Seng, Sr Network Spec, SCS-Networks" wrote:
> >
> > Guys, are they the same?
> >
> > access-list 900 deny any any sap
> > access-list 900 deny any any rip
> > access-list 900 deny any any 457
> > access-list 900 permit any any
> >
> > and
> >
> > access-list 900 deny any any all any sap
> > access-list 900 deny any any all any rip
> > access-list 900 deny any any all any 457
> > access-list 900 permit any any all any
> >
> > Regards,
> > Kim Seng
> > May all being be happy!
> >
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:23:53 GMT-3