From: Carolyn Camarda (ccamarda@xxxxxxxxxxxxx)
Date: Wed Feb 13 2002 - 20:23:03 GMT-3
I spent all day working a problem that I finally figured out (stupid,
stupid) as I was typing for help. Sometimes the group has its merits
without posting.
Please respond if possible:
Need confirmation. Access expressions work as Boolean functions. Given the
following configuration:
int to0
access-expression in (lsap(200) & dmac(700))
!
access-list 200 deny 0x0004 0x0001
access-list 200 permit 0x0000 0xffff
!
access-list 700 deny 4000.3701.2000
access-list 700 permit 0.0.0 ffff.ffff.ffff
A packet that is:
denied by both ACL 200 & 700 -> is blocked from entering to0
permitted by either but not both ACL 200 & 700 -> is blocked from entering
to0
permitted by both ACL 200 & 700 -> is allowed to enter to0
Changing the operand to a '|'
access-expression in (lsap(200) | dmac(700))
denied by both ACL 200 & 700 -> is blocked from entering to0
permitted by either but not both ACL 200 & 700 -> is allowed to enter to0
permitted by both ACL 200 & 700 -> is allowed to enter to0
I am really looking for confirmation on the OR part.
Carolyn
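
The truth table asked about above, as an added example that is not part of the original post and is not IOS code: a small Python model of the two access lists and both access-expressions. It assumes first-match-wins evaluation, an implicit deny at the end of each list, and that mask bits set to 1 are "don't care"; the sample frames and function names are constructed for illustration.

```python
# Model of access-list 200 / 700 and the two access-expressions in the post.
# Assumptions: first matching entry wins, implicit deny at the end of a list,
# mask bits set to 1 mean "don't care".

def mac(text):
    """Parse Cisco dotted-hex MAC notation (e.g. 4000.3701.2000) to an int."""
    return int("".join(part.zfill(4) for part in text.split(".")), 16)

def permitted(acl, value):
    """True if the first entry matching `value` is a permit."""
    for action, pattern, mask in acl:
        if (value & ~mask) == (pattern & ~mask):
            return action == "permit"
    return False  # implicit deny

ACL_200 = [("deny", 0x0004, 0x0001), ("permit", 0x0000, 0xFFFF)]
ACL_700 = [("deny", mac("4000.3701.2000"), 0),  # no mask given: exact match
           ("permit", mac("0.0.0"), mac("ffff.ffff.ffff"))]

def evaluate(lsap, dmac, op):
    """Evaluate (lsap(200) <op> dmac(700)) for one frame; op is '&' or '|'."""
    a = permitted(ACL_200, lsap)
    b = permitted(ACL_700, mac(dmac))
    return (a and b) if op == "&" else (a or b)

# Constructed sample frames: (LSAP type code, destination MAC)
FRAMES = [
    (0x0004, "4000.3701.2000"),  # denied by both lists
    (0x0005, "4000.3701.2000"),  # denied by both (mask 0x0001 covers 0x0005)
    (0x0004, "4000.1111.2222"),  # denied by 200, permitted by 700
    (0xF0F0, "4000.3701.2000"),  # permitted by 200, denied by 700
    (0xF0F0, "4000.1111.2222"),  # permitted by both
]

def truth_table():
    """Return [(lsap, dmac, result_with_and, result_with_or), ...]."""
    return [(l, d, evaluate(l, d, "&"), evaluate(l, d, "|")) for l, d in FRAMES]

if __name__ == "__main__":
    for lsap, dmac, and_ok, or_ok in truth_table():
        print(f"lsap=0x{lsap:04x} dmac={dmac}  "
              f"&: {'enter' if and_ok else 'block'}  "
              f"|: {'enter' if or_ok else 'block'}")
```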