From: Devender Singh (devender.singh@xxxxxxxxxxxxxx)
Date: Sun Aug 26 2001 - 22:39:26 GMT-3
Bob,
I will go with the following: If you look at it, your first command is
redundant.
access-list 900 deny rip any rip any rip
access-list 900 deny sap any sap any sap
access-list 900 deny any any 457
access-list 900 permit any
Devender Singh
BE(Hons), CCNP
IP Solution Specialist
-----Original Message-----
From: Bob Chahal [mailto:bob.chahal@ntlworld.com]
Sent: Wednesday, 22 August 2001 8:34
To: ccielab@groupstudy.com
Subject: IPX access-list to block rip and sap
When creating an access-list that blocks all ipx rip,sap and serialisation
packets but allow ipx pings and all other traffic I do
access-list 900 permit rip any cping any cping
access-list 900 deny rip any rip any all
access-list 900 deny sap any sap any all
access-list 900 deny any any 457
access-list 900 permit any
In a bootcamp lab (5) their answer is
access-list 901 deny any any all any rip
access-list 901 deny any any all any sap
access-list 901 deny any any all any 457
access-list 901 permit any any all any all
I know my list blocks rip and sap but as I have very little real life ipx
experience so can anyone explain the difference or which more correct?
Thanks
Bob
**Please read:http://www.groupstudy.com/list/posting.html
**Please read:http://www.groupstudy.com/list/posting.html
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:31:58 GMT-3