From: ccie2be (ccie2be@nyc.rr.com)
Date: Fri Oct 01 2004 - 17:59:20 GMT-3
Hi guys,
I think I just came upon an acl Gotcha but want to confirm.
I was working on IE lab 10 in the dlsw section.
The task was to allow traffic from R4 to R5 over an isdn link only if the
traffic was destined to a certain mac address,abcd.abcd.abcd.
The solution given was this
R4's config:
dlsw remote-peer 0 tcp x.x.x.x keepalive 0 timeout 60 dynamic dmac-output-list
700
access-list 700 permit abcd.abcd.abcd 0000.0000.0000
At first I didn't see anything strange about this solution. But, then it
occurred to me this is quite different from a normal ip acl.
In a normal ip acl, for example, access-list 1 permit x.x.x.x m.m.m.m, the
address used is the source address, NOT the destination address.
So, is this a mistake or is this an exception to normal ip acl's?
Thanks, Tim
This archive was generated by hypermail 2.1.4 : Sat Nov 06 2004 - 17:11:41 GMT-3