Re: IPX access-list to block rip and sap

From: Bob Chahal (bob.chahal@xxxxxxxxxxxx)
Date: Mon Aug 27 2001 - 06:19:07 GMT-3

• Next message: Bob Chahal: "Re: DLSW icanreach"
• Previous message: Neil Garcia Legada: "BGP AS Path Pre-pending"
• Maybe in reply to: Bob Chahal: "IPX access-list to block rip and sap"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
Thanks Devender,

The first line was to allow cisco ipx pings (so I could test a DDR
connection). Since I haven't any extensive Novell experience I was trying to
understand how a rip or sap process communicate using sockets. IP
applications (that initiate a connection) will generally use a random source
port (>1023) and a specific destination port. It seems that in IPX rip and
sap use the same IPX socket in much the same way as NTP does in IP. I'm
trying to figure how you could nail the access-list to be more specific
which your suggestion is.

Bob

----- Original Message -----
From: "Devender Singh" <devender.singh@cmc.cwo.net.au>
To: "Bob Chahal" <bob.chahal@ntlworld.com>; <ccielab@groupstudy.com>
Sent: Monday, August 27, 2001 2:39 AM
Subject: RE: IPX access-list to block rip and sap

> Bob,
>
> I will go with the following: If you look at it, your first command is
> redundant.
>
> access-list 900 deny rip any rip any rip
> access-list 900 deny sap any sap any sap
> access-list 900 deny any any 457
> access-list 900 permit any
>
> Devender Singh
> BE(Hons), CCNP
> IP Solution Specialist
>
>
> -----Original Message-----
> From: Bob Chahal [mailto:bob.chahal@ntlworld.com]
> Sent: Wednesday, 22 August 2001 8:34
> To: ccielab@groupstudy.com
> Subject: IPX access-list to block rip and sap
>
>
> When creating an access-list that blocks all ipx rip,sap and serialisation
> packets but allow ipx pings and all other traffic I do
>
> access-list 900 permit rip any cping any cping
> access-list 900 deny rip any rip any all
> access-list 900 deny sap any sap any all
> access-list 900 deny any any 457
> access-list 900 permit any
>
> In a bootcamp lab (5) their answer is
>
> access-list 901 deny any any all any rip
> access-list 901 deny any any all any sap
> access-list 901 deny any any all any 457
> access-list 901 permit any any all any all
>
> I know my list blocks rip and sap but as I have very little real life ipx
> experience so can anyone explain the difference or which more correct?
>
> Thanks
>
> Bob
> **Please read:http://www.groupstudy.com/list/posting.html
**Please read:http://www.groupstudy.com/list/posting.html

• Next message: Bob Chahal: "Re: DLSW icanreach"
• Previous message: Neil Garcia Legada: "BGP AS Path Pre-pending"
• Maybe in reply to: Bob Chahal: "IPX access-list to block rip and sap"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:31:58 GMT-3