From: David Luu (wicked01@xxxxxxxxxxxxx)
Date: Sat May 11 2002 - 17:33:26 GMT-3
The second one below should actually be...

access-list 900 deny any any all any 457
access-list 900 deny sap any sap any sap
access-list 900 deny rip any rip any rip
access-list 900 permit any any all any all

I just use -1 'cause it's a lot easier for me; it looks a lot more organized to me.

At 11:24 AM 5/11/2002 -0400, ying chang wrote:
>Can someone explain why the first one works and the second one does not?
>Other than more specific, I'd think it should work, what exactly is it missing?
>
>access-list 900 deny -1 -1 0 -1 452
>access-list 900 deny -1 -1 0 -1 453
>access-list 900 deny -1 -1 0 -1 457
>access-list 900 permit -1
>
>>access-list 900 deny 0 any all any 457
>>access-list 900 deny 0 any sap any sap
>>access-list 900 deny 0 any rip any rip
>>access-list 900 permit any any all any
>
>>From: Denise Donohue <fradendon@comcast.net>
>>Reply-To: Denise Donohue <fradendon@comcast.net>
>>To: "'David Luu'" <wicked01@ix.netcom.com>, ccielab@groupstudy.com
>>Subject: RE: IPX and ISDN Question
>>Date: Sat, 11 May 2002 08:29:38 -0400
>>
>>The access list works beautifully! Thank you! (I had already put on all
>>the spoofing.)
>>
>>-----Original Message-----
>>From: David Luu [mailto:wicked01@ix.netcom.com]
>>Sent: Friday, May 10, 2002 9:19 PM
>>To: Denise Donohue; ccielab@groupstudy.com
>>Subject: Re: IPX and ISDN Question
>>
>>
>>the access-list should be...
>>
>>access-list 900 deny -1 -1 0 -1 452
>>access-list 900 deny -1 -1 0 -1 453
>>access-list 900 deny -1 -1 0 -1 457
>>access-list 900 permit -1
>>
>>and also on the bri, add...
>>
>>no ipx route-cache
>>ipx watchdog-spoof
>>
>>
>>At 08:41 PM 5/10/2002 -0400, Denise Donohue wrote:
>> >Speaking of dumb questions, I'm doing a lab (on Routopia's equipment, Peter)
>> >that, in the IPX section, requires you to bring up an ISDN link between 2
>> >routers only if the serial link between them goes down. And you can only
>> >use static routing to do this, not snapshot or anything like that.
>> >
>> >The routers are running RIP between them. So I don't want RIP or SAP
>> >updates to bring the link up. According to the Doc CD, the correct access
>> >list to link to the dialer list is this:
>> >
>> >access-list 900 deny 0 any all any 457
>> >access-list 900 deny 0 any sap any sap
>> >access-list 900 deny 0 any rip any rip
>> >access-list 900 permit any any all any
>> >
>> >I turned off RIP on the ISDN interface, but SAPs still bring the link up,
>> >even with this access list on the dialer list. The only way I can keep the
>> >line down is to add a line denying all broadcasts:
>> >
>> >access-list 900 deny any any all 72.ffff.ffff.ffff
>> >
>> >Have any of you had success creating an access list, to use with a dialer
>> >list, that will prevent RIP and SAPs both from being interesting traffic,
>> >without denying all broadcasts?
>> >
>> >--- Denise (a real person) ;-)
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:58:54 GMT-3
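
An added example, not part of the original thread: a simplified Python model of first-match evaluation for the two access lists quoted above, showing how each classifies a SAP broadcast as interesting or not. It assumes -1/any is a wildcard, socket 0/all is a wildcard, protocol 0 matches only packet type 0, and the packet types given to the constructed packets.

```python
# Added example: simplified first-match model of an IPX extended ACL (900-999)
# used by a dialer-list. Assumptions, not from the thread: -1/"any" is a
# wildcard for protocol and network, socket 0/"all" is a wildcard, and
# protocol 0 matches only packets whose packet-type field is 0.
ANY, ALL = -1, 0
SAP, RIP, SERIAL = 0x452, 0x453, 0x457   # socket numbers (hex) from the lists

def rule(action, proto, src_sock, dst_sock):
    # Networks are "any" in every line of both lists, so they are omitted.
    return {"action": action, "proto": proto, "src": src_sock, "dst": dst_sock}

LIST_MINUS1 = [                      # access-list 900 deny -1 -1 0 -1 452 ...
    rule("deny", ANY, ALL, SAP),
    rule("deny", ANY, ALL, RIP),
    rule("deny", ANY, ALL, SERIAL),
    rule("permit", ANY, ALL, ALL),
]
LIST_PROTO0 = [                      # access-list 900 deny 0 any all any 457 ...
    rule("deny", 0, ALL, SERIAL),
    rule("deny", 0, SAP, SAP),
    rule("deny", 0, RIP, RIP),
    rule("permit", ANY, ALL, ALL),
]

def matches(r, pkt):
    return (r["proto"] in (ANY, pkt["ptype"])
            and r["src"] in (ALL, pkt["src"])
            and r["dst"] in (ALL, pkt["dst"]))

def interesting(acl, pkt):
    """True if the packet would be permitted, i.e. would raise the ISDN link."""
    for r in acl:
        if matches(r, pkt):
            return r["action"] == "permit"
    return False                     # implicit deny at the end of the list

# Constructed packets; packet types 4 (SAP), 1 (RIP), 17 (NCP) are assumed.
PACKETS = {
    "sap broadcast": {"ptype": 4, "src": SAP, "dst": SAP},
    "rip broadcast": {"ptype": 1, "src": RIP, "dst": RIP},
    "ncp request":   {"ptype": 17, "src": 0x4003, "dst": 0x451},
}

if __name__ == "__main__":
    for name, pkt in PACKETS.items():
        print(f"{name:14} -1 list: {interesting(LIST_MINUS1, pkt)!s:6}"
              f" protocol-0 list: {interesting(LIST_PROTO0, pkt)}")
```

Under these assumptions the protocol-0 list lets a type-4 SAP broadcast fall through to the final permit, which is the behaviour reported in the original question.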