From: Connary, Julie Ann (jconnary@xxxxxxxxx)
Date: Tue Jan 09 2001 - 11:25:20 GMT-3
I noticed that many documents use the following format to filter RIP and SAP:
access-list 900 deny any any all any RIP (Where the first any = -1 or all
networks, second any = ffffffff or all networks, all = 0 or all sockets)
access-list 900 deny any any all any SAP
This takes different forms depending on how many keywords you use, as noted
in the parentheses.
But -
how about
access-list 900 deny RIP
And just
access-list 900 deny RIP
vs typing in all that other garbage to filter on destination socket? What
do the other values then default to?
i.e. does network default to any, does socket default to all?
I guess I'm still a little confused here -
If RIP is a protocol type (type 1), why not filter on that? But RIP is also a
socket - 453. So is a RIP packet always IPX protocol type 1 and socket 453?
I guess I'll go do some debugs to look at what happens to get it clear in
my mind.
Julie Ann
------------------------------------------------------------------------
Julie Ann Connary
| | Network Consulting Engineer
||| ||| Federal Support Program
.|||||. .|||||. 13635 Dulles Technology Drive,
Herndon VA 20171
.:|||||||||:.:|||||||||:. Pager: 1-888-642-0551
c i s c o S y s t e m s Email: jconnary@cisco.com
------------------------------------------------------------------------