From: Kent (cciecn@xxxxxxxxx)
Date: Tue Jul 11 2000 - 11:02:05 GMT-3
The first version only conver the source, the second
takes care of both source and destination.
Kent
--- Gerard Robinson <gerardrobinson@dial.pipex.com>
wrote:
>
> To see if they work the same why not apply
> each access-list to an
> interface or a dialer-list and then run deb ipx pack
> or deb dialer pack and
> see if SAPs and RIPs and 457 get denied or they are
> interesting traffic for
> an ISDN call. I do this a lot just to check that my
> access-list is working
> properly, also deb ipx pack gives you the protocol
> number, dest address,
> source address and both sockets so if your
> access-list is not working you
> should be able to see why.
>
>
>
> ----- Original Message -----
> From: Clifton Stewart <cliftonlstewart@home.com>
> To: Chia Kim Seng, Sr Network Spec, SCS-Networks
> <chiaks@scsnetworks.scs.com.sg>;
> <ccielab@groupstudy.com>
> Sent: Tuesday, July 11, 2000 8:42 AM
> Subject: IPX Access-list
>
>
> > Chia,
> >
> > On the second version teh all keyword specifies
> all sockets (meaning
> > match all wildcard sockets). The first one you
> deny any but you didn't
> > explicitly deny all sockets.
> >
> > Clifton Stewart-CCNA, CCIE Candidate
> >
> > "Chia Kim Seng, Sr Network Spec, SCS-Networks"
> wrote:
> > >
> > > Guys, are they the same?
> > >
> > > access-list 900 deny any any sap
> > > access-list 900 deny any any rip
> > > access-list 900 deny any any 457
> > > access-list 900 permit any any
> > >
> > > and
> > >
> > > access-list 900 deny any any all any sap
> > > access-list 900 deny any any all any rip
> > > access-list 900 deny any any all any 457
> > > access-list 900 permit any any all any
> > >
> > > Regards,
> > > Kim Seng
> > > May all being be happy!
> > >
> > >
>
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:23:53 GMT-3