From: Zachary Hinz (z_hinz@hotmail.com)
Date: Tue Sep 09 2003 - 22:33:06 GMT-3
The wording of your question is a little odd. I assume it is asking that on
R1 you should allow only TPTP traffic that is destined for hosts on R2's
Ethernet segement. If this is the case then the access-list is written as
follows:
ip access-list extended TFTP_TO_R2ETHERNET
permit udp any 192.168.5.0 0.0.0.255 eq 69
deny udp any any eq 69
permit ip any any
int e1/0
ip access-group TFTP_TO_R2ETHERNET out
Don't forget the "permit ip any any" at the end of your access-list, or
everthing else will be denied.
Zac
>From: Arifur Rahman <arahman@cisco.com>
>Reply-To: Arifur Rahman <arahman@cisco.com>
>To: <ccielab@groupstudy.com>
>Subject: access-list question
>Date: Tue, 09 Sep 2003 14:00:34 -0700
>
><resending, there was a typo>
>Hi
>I have an access-list question that might be trivial but I am confused. My
>topology is like below
>
>---r1# (e1/0)--------r2#----(192.168.5.0/24 subnet)--
>
>and statement is "permit tftp traffic to be received by hosts on r2's
>ethernet segment only"
>
>Which one is correct and why
>
>r1#
>int e1/0
> ip access-group 100 in
>access-list 100 permit udp 192.168.5.0 0.0.0.255 any eq tftp
>access-list 100 deny udp any any eq tftp
>
>or
>
>r1#
>int e1/0
> ip access-group 100 in
>access-list 100 permit udp any 192.168.5.0 0.0.0.255 eq tftp
>access-list 100 deny udp any any eq tftp
>
>or neither is correct :)
>
>Appreciate your time. thanks - Arif
>
>
>_______________________________________________________________________
>You are subscribed to the GroupStudy.com CCIE R&S Discussion Group.
>
>Subscription information may be found at:
>http://www.groupstudy.com/list/CCIELab.html
>
>
>_______________________________________________________________________
>You are subscribed to the GroupStudy.com CCIE R&S Discussion Group.
>
>Subscription information may be found at:
>http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Wed Oct 01 2003 - 07:24:25 GMT-3