From: ccie2be (ccie2be@nyc.rr.com)
Date: Fri Dec 10 2004 - 10:35:47 GMT-3
Wei,
When you say "filter", do you mean allow only www or deny www?
Usually, filter means deny, so you're permit statement really should be a
deny statement.
Now, I'm 95% sure that to filter www traffic, you want to filter traffic
with a destination port of 80 which is what a client uses to request www.
So, the correct acl statement would be:
access-list 100 deny tcp any any eq www
access-list 100 perm <enter what's permitted or all traffic will be blocked
by implicit deny at end>
HTH, Tim
----- Original Message -----
From: "ccie zeng" <ccie.candidate@gmail.com>
To: <ccielab@groupstudy.com>
Sent: Friday, December 10, 2004 5:07 AM
Subject: filter www traffic
> Hi:
> I have following topology
>
> R1 --- R2
> I was asked to configure on R1 to filter inbound www traffic from R2,
> should I configure:
>
> access-list 100 permit tcp any any eq www
> OR
> access-list 100 permit tcp any eq www any
>
> Thanks
> Wei
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Mon Jan 03 2005 - 10:31:26 GMT-3