From: Arifur Rahman (arahman@cisco.com)
Date: Tue Sep 09 2003 - 18:30:36 GMT-3
Hi
Thank you for the quick response. Actually, I was too lazy to write the third line.
So the complete one is:
int e1/0
ip access-group 100 in
access-list 100 permit udp 192.168.5.0 0.0.0.255 any eq tftp
or access-list 100 permit udp any 192.168.5.0 0.0.0.255 eq tftp
access-list 100 deny udp any any eq tftp
access-list 100 permit ip any any
From "permit tftp traffic to be received by hosts on r2's ethernet
segment only" it seems that the tftp client resides in the 192.168.5.0 subnet, but
"access-list 100 permit udp 192.168.5.0 0.0.0.255 any eq tftp" makes me
think that the server is in the 192.168.5.0 subnet. Does anybody have more explanation,
please ...
thank you - Arif
At 03:00 PM 9/9/2003 -0600, miken wrote:
>Arif,
>
>See my 2 cents worth inline.
>
>Thanks,
>Mike N
>
>----- Original Message -----
>From: "Arifur Rahman" <arahman@cisco.com>
>To: <ccielab@groupstudy.com>
>Sent: Tuesday, September 09, 2003 2:23 PM
>Subject: access-list question
>
>
> > Hi
> > I have an access-list question that might be trivial but I am confused. My
> > topology is like below
> >
> > ---r1# (e1/0)--------r2#----(192.168.5.0/24 subnet)--
> >
> > and statement is "permit tftp traffic to be received by hosts on r2's
> > ethernet segment only"
> >
> > Which one is correct and why
> >
> > r1#
> > int e1/0
> > ip access-group 100
> > access-list 100 permit udp 192.168.5.0 0.0.0.255 any eq tftp
> *correct: source address of R2's subnet to any destination using udp
>port 69
> > access-list 100 deny udp any any eq tftp
> *not needed: Do you really want to block all other traffic such as
>routing protocols, telnet, ssh, etc?
> >
> > or
> >
> > r1#
> > int e1/0
> > ip access-group 100
> > access-list 100 permit udp any 192.168.5.0 0.0.0.255 eq tftp
> > access-list 100 deny udp any any eq tftp
> >
> > or neither is correct :)
> >
> > Appreciate your time. thanks - Arif
This archive was generated by hypermail 2.1.4 : Wed Oct 01 2003 - 07:24:25 GMT-3
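
Added example, not part of the original thread: a small Python model of first-match ACL evaluation with wildcard masks, run over the two candidate versions of access-list 100 quoted above. The sample packets, every address outside 192.168.5.0/24, and the names ACL_SRC and ACL_DST are constructed for illustration.

```python
import ipaddress

TFTP = 69  # "eq tftp" matches UDP destination port 69

def ip(a):
    return int(ipaddress.IPv4Address(a))

def addr_match(spec, addr):
    """spec is 'any' or (base, wildcard); 1-bits in the wildcard are ignored."""
    if spec == "any":
        return True
    base, wild = ip(spec[0]), ip(spec[1])
    return (ip(addr) & ~wild & 0xFFFFFFFF) == (base & ~wild & 0xFFFFFFFF)

def evaluate(acl, pkt):
    """Return (action, entry number) of the first matching entry.
    Entry number 0 stands for the implicit deny at the end of every list."""
    for i, (action, proto, src, dst, dport) in enumerate(acl, 1):
        if proto != "ip" and proto != pkt["proto"]:
            continue
        if not addr_match(src, pkt["src"]) or not addr_match(dst, pkt["dst"]):
            continue
        if dport is not None and dport != pkt["dport"]:
            continue
        return action, i
    return "deny", 0

NET = ("192.168.5.0", "0.0.0.255")
TAIL = [("deny", "udp", "any", "any", TFTP), ("permit", "ip", "any", "any", None)]
ACL_SRC = [("permit", "udp", NET, "any", TFTP)] + TAIL  # source is 192.168.5.0/24
ACL_DST = [("permit", "udp", "any", NET, TFTP)] + TAIL  # destination is 192.168.5.0/24

# Constructed sample packets (10.x addresses are made up for the example).
PACKETS = {
    "tftp from subnet host": dict(proto="udp", src="192.168.5.10", dst="10.1.1.1", dport=TFTP),
    "tftp to subnet host": dict(proto="udp", src="10.1.1.1", dst="192.168.5.10", dport=TFTP),
    "tftp between other hosts": dict(proto="udp", src="10.1.1.1", dst="10.2.2.2", dport=TFTP),
    "udp to another port": dict(proto="udp", src="10.1.1.1", dst="192.168.5.10", dport=50000),
}

def results(acl):
    return {name: evaluate(acl, p) for name, p in PACKETS.items()}

if __name__ == "__main__":
    for label, acl in (("ACL_SRC", ACL_SRC), ("ACL_DST", ACL_DST)):
        for name, res in results(acl).items():
            print(f"{label:8} {name:26} {res}")
```

The two lists differ only in which side of the packet must fall inside 192.168.5.0/24; in both, any other packet to UDP port 69 hits the explicit deny and everything else reaches the final permit.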