Re: Regarding Access-Expressions - Confirmation Needed

From: Ahmed Mamoor Amimi (mamoor@xxxxxxxx)
Date: Thu Feb 14 2002 - 02:50:35 GMT-3


quote from CCO :

Alternation allows you to specify alternative patterns to match against a
string. You separate the alternative patterns with a vertical bar (|).
Exactly one of the alternatives can match the string. For example, the
regular expression

codex|telebit

matches the string codex or the string telebit, but not both codex and
telebit.

this is the bible of expressions used in Cisco IOS: please see the regular
expression part of the paper.
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/ios127xe/cmdref/chap1.htm#xtocid249366
watch the wrap.

by the way .... seeing your access-list
> access-list 200 deny 0x0004 0x0001
> access-list 200 permit 0x0000 0xffff

I think there is some mistake at 0x0004 0x0001 ---- it should be 0x0404
0x0d0d if you're filtering SNA type code 0x04.
Why have I written it twice? Actually this is lsap and dsap and it is
written that way.

Just remember these magic phrases : ....
0x0d0d mask is for SNA
0x0101 mask is for NetBIOS and its address is 0xf0f0 (for command) and
0xf1f1 (for response)
                eg : accesslist 200 deny 0xf0f0 0x0101 .... will deny
NetBIOS.
0x0101 mask is also for IPX SAP.... and its address of ssap and dsap is
0xe0e0
                eg : accesslist 200 deny 0xe0e0 0x0101 will deny IPX SAPs
and allow the rest of the traffic
                       accesslist 200 permit 0x0000 0xffff

please let me know if you're clear !

-Mamoor
----- Original Message -----
From: Carolyn Camarda <ccamarda@bellsouth.net>
To: CCIE Lab Mailing List <ccielab@groupstudy.com>
Sent: Thursday, February 14, 2002 4:23 AM
Subject: Regarding Access-Expressions - Confirmation Needed

> I spent all day working a problem that I finally figured out (stupid,
> stupid) as I was typing for help. Sometimes the group has its merits
> without posting.
>
> Please respond if possible:
>
> Need confirmation. Access expressions work as Boolean functions. Given the
> following configuration:
>
> int to0
> access-expression in (lsap(200) & dmac(700))
> !
> access-list 200 deny 0x0004 0x0001
> access-list 200 permit 0x0000 0xffff
> !
> access-list 700 deny 4000.3701.2000
> access-list 700 permit 0.0.0 ffff.ffff.ffff
>
> A packet that is:
>
> denied by both ACL 200 & 700 -> is blocked from entering to0
> permitted by either but not both ACL 200 & 700 -> is blocked from entering
> to0
> permitted by both ACL 200 & 700 -> is allowed to enter to0
>
> Changing the operand to a '|'
>
> access-expression in (lsap(200) | dmac(700))
>
> denied by both ACL 200 & 700 -> is blocked from entering to0
> permitted by either but not both ACL 200 & 700 -> is allowed to enter to0
> permitted by both ACL 200 & 700 -> is allowed to enter to0
>
> I am really looking for confirmation on the OR part.
>
> Carolyn
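Added example, not from either post: a small Python model of how the lsap(200) and dmac(700) lists in this thread evaluate and how the access-expression combines them. It assumes that mask bits set to 1 are "don't care" bits (consistent with 0x0000 0xffff matching everything and 0xf0f0 0x0101 matching both 0xf0f0 and 0xf1f1) and that the first matching entry wins with an implicit deny at the end; the list contents come from the thread, the frame values are constructed.

```python
# Added example, not from the thread: model Cisco type-code (200-299) and MAC
# (700-799) access lists and an access-expression combining them.
# Assumption: a mask bit of 1 means "ignore this bit" when comparing.
from typing import List, Tuple

Entry = Tuple[str, int, int]  # (action, pattern, mask)

def matches(value: int, pattern: int, mask: int) -> bool:
    """Compare only the bits the mask does not wildcard."""
    return (value & ~mask) == (pattern & ~mask)

def evaluate(acl: List[Entry], value: int) -> bool:
    """First matching entry decides; nothing matched means deny."""
    for action, pattern, mask in acl:
        if matches(value, pattern, mask):
            return action == "permit"
    return False

def lsap_value(dsap: int, ssap: int) -> int:
    """The 16-bit value tested by a 200-series list: DSAP byte then SSAP byte."""
    return (dsap << 8) | ssap

def mac_value(mac: str) -> int:
    """Parse dotted-hex MAC notation such as 4000.3701.2000."""
    return int(mac.replace(".", ""), 16)

# Lists from the thread: the SNA filter as corrected, the one as posted,
# the NetBIOS filter, and MAC list 700.
ACL_200_SNA = [("deny", 0x0404, 0x0d0d), ("permit", 0x0000, 0xffff)]
ACL_200_AS_POSTED = [("deny", 0x0004, 0x0001), ("permit", 0x0000, 0xffff)]
ACL_200_NETBIOS = [("deny", 0xf0f0, 0x0101), ("permit", 0x0000, 0xffff)]
ACL_700 = [("deny", mac_value("4000.3701.2000"), 0x0),
           ("permit", 0x0, mac_value("ffff.ffff.ffff"))]

def access_expression(op: str, dsap: int, ssap: int, dmac: str) -> bool:
    """lsap(200) & dmac(700) or lsap(200) | dmac(700); True means the frame enters."""
    lsap_ok = evaluate(ACL_200_SNA, lsap_value(dsap, ssap))
    dmac_ok = evaluate(ACL_700, mac_value(dmac))
    return (lsap_ok and dmac_ok) if op == "&" else (lsap_ok or dmac_ok)

if __name__ == "__main__":
    # Constructed frames: an SNA frame (SAP 0x04) and a NetBIOS frame (SAP 0xf0)
    print(evaluate(ACL_200_SNA, lsap_value(0x04, 0x04)))         # False: denied
    print(evaluate(ACL_200_AS_POSTED, lsap_value(0x04, 0x04)))   # True: slips through
    print(access_expression("&", 0xf0, 0xf0, "4000.3701.2000"))  # False
    print(access_expression("|", 0xf0, 0xf0, "4000.3701.2000"))  # True
```

The as-posted list shows the point made above: 0x0004 with mask 0x0001 never matches DSAP/SSAP 0x04/0x04, so the permit-all entry lets the SNA frame through.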



This archive was generated by hypermail 2.1.4 : Thu Jun 20 2002 - 13:46:22 GMT-3