From: McClure, Allen (Allen.McClure@Yum.com)
Date: Tue Sep 09 2003 - 17:49:24 GMT-3
Neither is correct per the requirement, although the wording is a bit
rough.
access-list 100 permit udp any 192.168.5.0 0.0.0.255 eq tftp
access-list 100 deny udp any any eq tftp
access-list 100 permit ip any any
int e1/0
ip access-group 100 out
1st line - Allows any source to access TFTP on 192.168.5.0
2nd line - denies all sources access to tftp (except for what line 1 has
already permitted)
3rd line - permit all other traffic not matched by line 1 or 2
Keep in mind this only blocks traffic going out of ethernet1/0. Traffic
originating from the segment between R1 and R2 would not be affected
by this list.
Allen G. McClure
CCNP/CCDP/MCSE
Yum! Brands, Inc.
Sr. Network Analyst
allen.mcclure@yum.com
-----Original Message-----
From: Arifur Rahman [mailto:arahman@cisco.com]
Sent: Tuesday, September 09, 2003 3:24 PM
To: ccielab@groupstudy.com
Subject: access-list question
Hi
I have an access-list question that might be trivial but I am confused.
My topology is like below
---r1# (e1/0)--------r2#----(192.168.5.0/24 subnet)--
and the statement is "permit tftp traffic to be received by hosts on r2's
ethernet segment only"
Which one is correct, and why?
r1#
int e1/0
ip access-group 100
access-list 100 permit udp 192.168.5.0 0.0.0.255 any eq tftp
access-list 100 deny udp any any eq tftp
or
r1#
int e1/0
ip access-group 100
access-list 100 permit udp any 192.168.5.0 0.0.0.255 eq tftp
access-list 100 deny udp any any eq tftp
or neither is correct :)
Appreciate your time. thanks - Arif
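Added example, not part of either message: a small first-match evaluator that runs the two access lists from the question and the three-line list from the reply over constructed packets. The packet addresses are made up, the implicit deny at the end of every IOS access list is modelled, and the interface direction (in/out) is not.

```python
from ipaddress import ip_address, ip_network

ANY = "0.0.0.0/0"
LAN = "192.168.5.0/24"   # r2's ethernet segment, from the thread
TFTP = 69                # UDP port behind the "tftp" keyword

# Rule = (action, protocol, source, destination, destination port or None)
OPTION_1 = [("permit", "udp", LAN, ANY, TFTP),
            ("deny", "udp", ANY, ANY, TFTP)]
OPTION_2 = [("permit", "udp", ANY, LAN, TFTP),
            ("deny", "udp", ANY, ANY, TFTP)]
REPLY = OPTION_2 + [("permit", "ip", ANY, ANY, None)]

def evaluate(acl, proto, src, dst, dport=None):
    """Return the action of the first matching rule, top-down, as IOS does."""
    for action, r_proto, r_src, r_dst, r_dport in acl:
        if r_proto not in ("ip", proto):
            continue
        if ip_address(src) not in ip_network(r_src):
            continue
        if ip_address(dst) not in ip_network(r_dst):
            continue
        if r_dport is not None and r_dport != dport:
            continue
        return action
    return "deny"  # implicit "deny ip any any" that ends every IOS access list

# Constructed sample packets: (label, protocol, source, destination, dst port)
PACKETS = [
    ("tftp to host on LAN", "udp", "10.1.1.10", "192.168.5.20", 69),
    ("tftp to host elsewhere", "udp", "10.1.1.10", "172.16.9.9", 69),
    ("tftp from LAN to elsewhere", "udp", "192.168.5.20", "10.1.1.10", 69),
    ("http to host on LAN", "tcp", "10.1.1.10", "192.168.5.20", 80),
]

def verdicts(acl):
    """Map each sample packet label to the verdict the given list produces."""
    return {label: evaluate(acl, p, s, d, dp) for label, p, s, d, dp in PACKETS}

if __name__ == "__main__":
    for name, acl in (("option 1", OPTION_1), ("option 2", OPTION_2), ("reply", REPLY)):
        print(name)
        for label, verdict in verdicts(acl).items():
            print(f"  {verdict:6}  {label}")
```

Option 1 permits only TFTP sourced from 192.168.5.0/24, and both lists from the question drop the HTTP packet because nothing permits it before the implicit deny.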