RE: IPX and ISDN Question

From: ying chang (ying_c@xxxxxxxxxxx)
Date: Sat May 11 2002 - 12:24:44 GMT-3

• Next message: Curtis Phillips: "Justification for use of Dialer-watch in OSPF"
• Previous message: thomas larus: "Re: RE: Online"
• Maybe in reply to: Denise Donohue: "IPX and ISDN Question"
• Next in thread: Sean C.: "Re: IPX and ISDN Question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
Can someone explain why the first one works and the second one does not?
Other than more specific, I'd think it should work, what exactly is it
missing?

access-list 900 deny -1 -1 0 -1 452
access-list 900 deny -1 -1 0 -1 453
access-list 900 deny -1 -1 0 -1 457
access-list 900 permit -1

>access-list 900 deny 0 any all any 457
>access-list 900 deny 0 any sap any sap
>access-list 900 deny 0 any rip any rip
>access-list 900 permit any any all any

>From: Denise Donohue <fradendon@comcast.net>
>Reply-To: Denise Donohue <fradendon@comcast.net>
>To: "'David Luu'" <wicked01@ix.netcom.com>, ccielab@groupstudy.com
>Subject: RE: IPX and ISDN Question
>Date: Sat, 11 May 2002 08:29:38 -0400
>
>The access list works beautifully! Thank you! (I had already put on all
>the spoofing.)
>
>-----Original Message-----
>From: David Luu [mailto:wicked01@ix.netcom.com]
>Sent: Friday, May 10, 2002 9:19 PM
>To: Denise Donohue; ccielab@groupstudy.com
>Subject: Re: IPX and ISDN Question
>
>
>the access-list should be...
>
>access-list 900 deny -1 -1 0 -1 452
>access-list 900 deny -1 -1 0 -1 453
>access-list 900 deny -1 -1 0 -1 457
>access-list 900 permit -1
>
>and also on the bri, add...
>
>no ipx route-cache
>ipx watchdog-spoof
>
>
>At 08:41 PM 5/10/2002 -0400, Denise Donohue wrote:
> >Speaking of dumb questions, I'm doing a lab (on Routopia's equipment,
>Peter)
> >that, in the IPX section, requires you to bring up an ISDN link between 2
> >routers only if the serial link between them goes down. And you can only
> >use static routing to do this, not snapshot or anything like that.
> >
> >The routers are running RIP between them. So I don't want RIP or SAP
> >updates to bring the link up. According to the Doc CD, the correct
>acccess
> >list to link to the dialer list is this:
> >
> >access-list 900 deny 0 any all any 457
> >access-list 900 deny 0 any sap any sap
> >access-list 900 deny 0 any rip any rip
> >access-list 900 permit any any all any
> >
> >I turned off RIP on the ISDN interface, but SAPs still bring the link up,
> >even with this access list on the dialer list. The only way I can keep
>the
> >line down is to add a line denying all broadcasts:
> >
> >access-list 900 deny any any all 72.ffff.ffff.ffff
> >
> >Have any of you had success creating an access list, to use with a dialer
> >list, that will prevent RIP and SAPs both from being interesting traffic,
> >without denying all broadcasts?
> >
> >--- Denise (a real person) ;-)

• Next message: Curtis Phillips: "Justification for use of Dialer-watch in OSPF"
• Previous message: thomas larus: "Re: RE: Online"
• Maybe in reply to: Denise Donohue: "IPX and ISDN Question"
• Next in thread: Sean C.: "Re: IPX and ISDN Question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:58:54 GMT-3