RE: Question in logic anyone?

From: Brian Dennis (brian@labforge.com)
Date: Fri Mar 14 2003 - 22:17:18 GMT-3

• Next message: Howard C. Berkowitz: "Re: Features that require 2 3550's"
• Previous message: cebuano: "RE: Features that require 2 3550's"
• Maybe in reply to: Stewart, Dirk: "Question in logic anyone?"
• Next in thread: Voss, David: "RE: Question in logic anyone?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Dirk,
Both ACL's will always deny OSPF. They will never permit OSPF. Why?

You can't deny OSPF and then permit OSPF later.

access-list 101 deny ospf any any
access-list 101 permit ospf any any time-range maxtime
access-list 101 permit ip any any time-range maxtime

Whenever the time-range is active it will deny OSPF. Whenever it's not
active it will also deny OSPF.

access-list 101 deny ospf any any time-range maxtime
access-list 101 permit ip any any time-range maxtime
access-list 101 deny ip any any (implicit)

Brian Dennis, CCIE #2210 (R&S/ISP Dial/Security) CCSI# 98640
brian@labforge.com

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Stewart, Dirk
Sent: Friday, March 14, 2003 4:07 PM
To: ccielab@groupstudy.com
Subject: Question in logic anyone?

which one is better in logic to keep ospf from dialing on time only?
Is deny ospf on the whole better within the time or putting ospf in time
only access!

access-list 101 deny ospf any any
access-list 101 permit ospf any any time-range maxtime
access-list 101 permit ip any any time-range maxtime

OR

access-list 101 deny ospf any any time-range maxtime
access-list 101 permit ip any any time-range maxtime
!
time-range maxtime
 periodic Friday Saturday 7:00 to 21:00

interface config -------------------------------------------------
!
interface BRI0
 ip address 133.20.1.1 255.255.255.252
 encapsulation ppp
 ip ospf authentication message-digest
 ip ospf message-digest-key 10 md5 cisco1

 ip ospf cost 9999
 ip ospf demand-circuit

 dialer map ip 133.20.1.2 name R3 broadcast 7155491000
 dialer map ip 133.20.1.2 name R3 broadcast 7155491001
 dialer load-threshold 1 outbound
 dialer-group 10
 isdn switch-type basic-net3
 ppp authentication chap
 ppp multilink

-----------------------------------------------------------------------

The contents of this message have been scanned for viruses by
the TruSecure ShadowMail Service, and no viruses were found.

-----------------------------------------------------------------------

* This message has been processed by TruSecure's ShadowMail service

• Next message: Howard C. Berkowitz: "Re: Features that require 2 3550's"
• Previous message: cebuano: "RE: Features that require 2 3550's"
• Maybe in reply to: Stewart, Dirk: "Question in logic anyone?"
• Next in thread: Voss, David: "RE: Question in logic anyone?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Apr 05 2003 - 08:51:40 GMT-3