From: Arifur Rahman (arahman@cisco.com)
Date: Tue Sep 09 2003 - 18:57:32 GMT-3
Hi Mike
I think you are right. Client (source 192.168.5.0 subnet) initiates the
session on server port 69 to server of any destination. "access-list 100
permit udp 192.168.5.0 0.0.0.255 any eq tftp" is permitting that. Is it right?
thank you - Arif
At 03:00 PM 9/9/2003 -0600, miken wrote:
>Arif,
>
>See my 2 cents worth inline.
>
>Thanks,
>Mike N
>
>----- Original Message -----
>From: "Arifur Rahman" <arahman@cisco.com>
>To: <ccielab@groupstudy.com>
>Sent: Tuesday, September 09, 2003 2:23 PM
>Subject: access-list question
>
>
> > Hi
> > I have an access-list question that might be trivial but I am confused. My
> > topology is like below
> >
> > ---r1# (e1/0)--------r2#----(192.168.5.0/24 subnet)--
> >
> > and statement is "permit tftp traffic to be received by hosts on r2's
> > ethernet segment only"
> >
> > Which one is correct and why
> >
> > r1#
> > int e1/0
> > ip access-group 100
> > access-list 100 permit udp 192.168.5.0 0.0.0.255 any eq tftp
> *correct: source address of R2's subnet to any destination using udp
>port 69
> > access-list 100 deny udp any any eq tftp
> *not needed: Do you really want to block all other traffic such as
>routing protocols, telnet, ssh, etc?
> >
> > or
> >
> > r1#
> > int e1/0
> > ip access-group 100
> > access-list 100 permit udp any 192.168.5.0 0.0.0.255 eq tftp
> > access-list 100 deny udp any any eq tftp
> >
> > or neither is correct :)
> >
> > Appreciate your time. thanks - Arif
> >
> >
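Added example, not part of the original thread: a small first-match evaluator that runs the two candidate access lists from the question against constructed packets, showing which source/destination combinations each one matches and what falls through to the implicit deny. The host 10.1.1.1, the sample ports and the helper names are assumptions; only the subset of ACL syntax used in the thread is parsed.

```python
import ipaddress

ACL_A = ["access-list 100 permit udp 192.168.5.0 0.0.0.255 any eq tftp",
         "access-list 100 deny udp any any eq tftp"]
ACL_B = ["access-list 100 permit udp any 192.168.5.0 0.0.0.255 eq tftp",
         "access-list 100 deny udp any any eq tftp"]

# Constructed sample packets; 10.1.1.1 is a made-up host beyond r1.
PKTS = {
    "from_segment_to_69": {"proto": "udp", "src": "192.168.5.10", "dst": "10.1.1.1", "dport": 69},
    "to_segment_port_69": {"proto": "udp", "src": "10.1.1.1", "dst": "192.168.5.10", "dport": 69},
    # After the first request, TFTP transfers use ports other than 69 (RFC 1350 TIDs).
    "to_segment_high_port": {"proto": "udp", "src": "10.1.1.1", "dst": "192.168.5.10", "dport": 1025},
    "telnet_to_segment": {"proto": "tcp", "src": "10.1.1.1", "dst": "192.168.5.10", "dport": 23},
}

def wild_match(addr, base, wildcard):
    """Cisco wildcard match: bits set in the wildcard are 'don't care'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def parse_ace(line):
    """Parse 'access-list N ACTION PROTO SRC DST [eq PORT]' (destination port only)."""
    action, proto, *rest = line.split()[2:]
    def take_addr(tokens):
        if tokens[0] == "any":
            return ("0.0.0.0", "255.255.255.255"), tokens[1:]
        return (tokens[0], tokens[1]), tokens[2:]
    src, rest = take_addr(rest)
    dst, rest = take_addr(rest)
    port = None
    if rest and rest[0] == "eq":
        port = 69 if rest[1] == "tftp" else int(rest[1])
    return action, proto, src, dst, port

def evaluate(acl_lines, pkt):
    """First matching entry wins; no match means the implicit deny at the end."""
    for line in acl_lines:
        action, proto, src, dst, port = parse_ace(line)
        if (proto == pkt["proto"] and wild_match(pkt["src"], *src)
                and wild_match(pkt["dst"], *dst)
                and (port is None or port == pkt["dport"])):
            return action
    return "deny (implicit)"

if __name__ == "__main__":
    for name, pkt in PKTS.items():
        print(f"{name:22} A={evaluate(ACL_A, pkt):16} B={evaluate(ACL_B, pkt)}")
```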