Re: Re : Basic ACL Q ....

From: Ben (bmunyao@gmail.com)
Date: Wed Sep 05 2007 - 14:48:17 ART

• Next message: Mohamed M Moustafa: "Re: Re : Basic ACL Q ...."
• Previous message: Gordon Mac Donald: "Re: I suck"
• Maybe in reply to: Mohamed M Moustafa: "Re : Basic ACL Q ...."
• Next in thread: Mohamed M Moustafa: "Re: Re : Basic ACL Q ...."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

ccie1101,

He means both source/destination ports in RIP packets are udp/520. In other
words the following solutions should all match rip traffic:

1. access-l 100 permit udp host 192.10.1.2 eq rip any

2. access-l 100 permit udp host 192.10.1.2 any eq rip

3. access-l 100 permit udp host 192.10.1.2 eq rip any eq rip

HTH

Ben

On 9/5/07, ccie1101 <ccie1101@gmail.com> wrote:
>
> Mohammed ,
> So you are saying that if you do not specify the port number, it will know
> it is rip ???
>
> *That a host with an IP address of **192.10.1.2* <http://10.20.30.40/>*54
> is
> to send rip updates to all host on its ethernet segment. *
>
> My answer :-
> access-list 100 permit udp host 192.10.1.254 eq rip any
>
> The solution given is
> access-list 100 permit udp host 192.10.1.254 any eq rip
>
> This would mean that we could write the acl as follows and rip information
> will be passed from 192.10.1.254 to other host running rip on the segment
> ?
> access-list 100 permit udp host 192.10.1.254 any
>
> Is this what you are saying ?
>
> ccie1101.
>
>
>
> On 9/5/07, Mohamed M Moustafa <mmma@gawab.com> wrote:
> >
> > Hi,
> >
> > Both should work as RIP (unlike BGP) uses UDP port 520 as both the
> source
> > and the destination.
> >
> > BR,
> > Mohammed Mahmoud.
> >
> >
> > ccie1101 <ccie1101@gmail.com> wrote on 5 Sep 2007, 12:36 PM:
> > Subject: Re : Basic ACL Q ....
> > > Hi,
> > > I have a basic question on ACL .... The question says :-
> > >*That a host with an IP address of 192.10.1.2 <http://10.20.30.40/>54
> is
> > to
> > >send rip updates to all host on its ethernet segment.*
> > >
> > > The way that I constructed the ACL is as follows :-
> > >
> > >access-list 100 permit udp host 192.10.1.254 eq rip any
> > >access-list 100 deny ip any any
> > >
> > > The solution given was '*host 192.10.1.254 any eq rip*'
> .....
> > >
> > >Pls enlighten,
> > >**
> > >Thank you,
> > >
> > >ccie1101.
> > >
> > >_______________________________________________________________________
> > >Subscription information may be found at:
> > >http://www.groupstudy.com/list/CCIELab.html
> > >
> >
> > ---------------------------------------------
> > Free POP3 Email from www.Gawab.com
> > Sign up NOW and get your account @gawab.com!!
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Mohamed M Moustafa: "Re: Re : Basic ACL Q ...."
• Previous message: Gordon Mac Donald: "Re: I suck"
• Maybe in reply to: Mohamed M Moustafa: "Re : Basic ACL Q ...."
• Next in thread: Mohamed M Moustafa: "Re: Re : Basic ACL Q ...."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Oct 06 2007 - 12:01:09 ART