RE: Voice Traffic ACL

From: Scott Morris (swm@emanon.com)
Date: Thu Oct 07 2004 - 16:26:07 GMT-3

• Next message: john matijevic: "RE: NAT Outside & RIP unicast updates"
• Previous message: gladston@br.ibm.com: "CEF and CAR"
• Maybe in reply to: high spirit: "Voice Traffic ACL"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Generically speaking, I think they would be pretty fair. I would sooner use
your second one (with precedence) to be more specific about what you are
blocking.

Personally, I always prefer precise. That way there are no accidents or
fixes to be done later!

 
Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713, CISSP,
JNCIP, et al.
IPExpert CCIE Program Manager
IPExpert Sr. Technical Instructor
swm@emanon.com/smorris@ipexpert.net
http://www.ipexpert.net
 
 

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of high
spirit
Sent: Thursday, October 07, 2004 3:02 PM
To: swm@emanon.com; ccielab@groupstudy.com
Subject: RE: Voice Traffic ACL

 hi scott ,
    thanx for ur reply ,
The question i'm confronted with doesn't mention anything about h.323 or any
other voice protocol/suite . So in general , i could think of is the below
mentioned acls ...

 access-list 121 deny udp any any range 16384 32767

   OR to be more precise ...

access-list 121 deny udp any any range 16384 32767 precedence 5

Will i be wrong if i use them ??? or any one of them (if both are not right)
?? or any other acl which can block the voice traffic in general .....

Do let us know .....
Thanx ,
  Imran .

--- Scott Morris <swm@emanon.com> wrote:
> If you are looking to deny H.323 traffic, it may be easier simply to
> block tcp/1720. Without the call setup working, you likely won't get
> transiting voice data. :)
>
> As far as "all" voice traffic, I'd say that would completely depend on
> your scenario. Voice deals in so many different protocols, most of
> which simply aren't testable on the R&S lab. Sooooo.....
>
> HTH,
>
>
> Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service
> Provider) #4713, CISSP,
> JNCIP, et al.
> IPExpert CCIE Program Manager
> IPExpert Sr. Technical Instructor
> swm@emanon.com/smorris@ipexpert.net
> http://www.ipexpert.net
>
>
>
> -----Original Message-----
> From: nobody@groupstudy.com
> [mailto:nobody@groupstudy.com] On Behalf Of high spirit
> Sent: Thursday, October 07, 2004 2:23 PM
> To: ccielab@groupstudy.com
> Subject: Voice Traffic ACL
>
> hi groups ,
>
> if i am to make an acl to block all voice traffic then ....
>
> access-list 121 deny udp any any range 16384 32767
>
>
> will the above acl deny all voice traffice and allow rest of the
> traffic or there is another way to write the acl ????
>
>
>
> Thanx ,
> imran .
>
>
>
>
>
>
>
>

• Next message: john matijevic: "RE: NAT Outside & RIP unicast updates"
• Previous message: gladston@br.ibm.com: "CEF and CAR"
• Maybe in reply to: high spirit: "Voice Traffic ACL"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Nov 06 2004 - 17:11:45 GMT-3