From: Rik Guyler (rik@guyler.net)
Date: Sat Mar 22 2008 - 16:22:27 ART
In this case the policy map, when applied to an interface, will act as a
basic ACL since it will match the traffic in the class allowed by the ACL
and then perform the "drop" action against that traffic. The requirements
didn't state you couldn't use the ACL within a policy, only that you had to
create one without any deny statements.

I've used this very format on routers with very large access controls as
this is really the only way to nest ACLs for modularity.

Rik

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
omair naim
Sent: Friday, March 21, 2008 6:31 PM
To: Asif; lhall@setnine.com; ccielab@groupstudy.com
Subject: RE: ACL Question -

How would class maps solve this issue, vlan maps sound ok but what if they
are asking it on a router !!

> Date: Fri, 21 Mar 2008 22:00:44 +0300
> From: asif@vanoo.com
> To: lhall@setnine.com; ccielab@groupstudy.com
> Subject: Re: ACL Question -
>
> Hall,
>
> What's your opinion about this ; correct the last part of it.
>
> ip access-list extended ABC
> permit ip 192.168.1.0 0.0.0.255 172.20.1.0 0.0.0.15
>
> vlan access-map m1 100
> match ip address ABC
> action drop
>
> ## Permit any other traffic to 172.20.1.0/28 ###
>
> vlan access-map m1 120
> ?????? ( # I am not able to get this correctly )
>
> lhall@setnine.com wrote:
> > If you can use class-maps you can do it with `match not ...`, or make
> > a time based acl with the time already having passed.
> >
> > Luca
> >
> >> Hi 2 All,
> >>
> >> Plz help with solution :-
> >>
> >> configure an acl with name "ABC" to obtain the following requirement.
> >> Deny all ip traffic from 192.168.1.0/24 to subnet 172.20.1.0/28
> >> Permit any other traffic to 172.20.1.0/28
> >> Do not use any deny statements, Use only Permit statements.........
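
The policy-map approach Rik describes at the top of this message, written out as an added example (not configuration posted by anyone in the thread). The class-map name CM-ABC, the policy-map name PM-ABC and the interface are assumptions; the ACL name and subnets come from the original question.

```cisco
! Added example. CM-ABC, PM-ABC and FastEthernet0/0 are assumed names.
!
! The ACL holds only a permit entry. Inside a class-map, "permit" means
! "this traffic belongs to the class", not "forward this traffic".
ip access-list extended ABC
 permit ip 192.168.1.0 0.0.0.255 172.20.1.0 0.0.0.15
!
! The class selects everything the ACL permits.
class-map match-all CM-ABC
 match access-group name ABC
!
! The policy applies the drop action to that class. Traffic that does not
! match CM-ABC falls into class-default, which has no action configured
! here and is therefore forwarded, so all other traffic to 172.20.1.0/28
! still passes.
policy-map PM-ABC
 class CM-ABC
  drop
!
! Attach inbound on the interface where 192.168.1.0/24 traffic arrives
! (assumed here to be FastEthernet0/0).
interface FastEthernet0/0
 service-policy input PM-ABC
!
! Verification from exec mode:
!   show ip access-lists ABC
!   show policy-map interface FastEthernet0/0
! The per-class packet counters under CM-ABC show what the policy matched.
```

No interface ACL logs these drops, so the class counters in `show policy-map interface` are the place to confirm the policy is matching only the intended source and destination.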