What were the requirements for the access-list?  Did you run through it with
a few samples?  The kinds of samples that I use to test access-lists are:

1.  the target network and hosts to be specifically permitted/denied
2.  networks and hosts 'close' to the target networks (especially if there's
a range involved)
3.  other networks and hosts with the same classful prefix
4.  repeat the above 3 for protocol types

Flow and order in ACLs are always very important, and I've learned that
there are many different ways to skin the same cat, but there are also ways
that *look* correct but contain other holes or restrictions that make the
ACL incorrect.  The most recent example is the "permit even networks" thread
that has been going around.

PS - I'll check it when you give me the access-list requirements

-e-

----- Original Message -----
From: "Timothy Ouellette" 
To: 
Sent: Thursday, November 01, 2001 6:25 PM
Subject: Access-list question [7:25008]


> Hey guys/gals,
>
> After doing a simple mentorlabs vlab, I just wanted to make sure that I
> didn't miss anything on my access-list config.  The router names/places
> have been masked to protect the innocent.  Does my ACL do exactly the
> same job as theirs but with more lines (hey, who needs efficiency
> *grin*)?
>
> Tim
>
>
> Theirs:
> access-list 101 deny icmp any any echo log
> access-list 101 permit icmp any any echo-reply log
> access-list 101 permit tcp host 10.1.1.2 any eq telnet log
> access-list 101 permit tcp any eq telnet any established log
> access-list 101 permit udp any any eq rip log
> access-list 101 deny ip any any log
>
>
> Mine:
> access-list 101 permit icmp any host 10.1.1.1 echo-reply
> access-list 101 permit icmp any host 10.1.2.1 echo-reply
> access-list 101 deny   icmp any host 10.1.1.1 log
> access-list 101 deny   icmp any host 10.1.2.1 log
> access-list 101 deny   icmp any 10.14.0.0 0.0.255.255 log
> access-list 101 permit icmp any any
> access-list 101 permit tcp host 10.1.1.2 any eq telnet log
> access-list 101 permit tcp any eq telnet any established log
> access-list 101 permit udp any any eq rip
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=25013&t=25008
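
The sample-driven check described in the reply, as an added example that is not part of either poster's message: a small first-match evaluator run over the two lists quoted above. The probe addresses (10.9.9.9, 10.1.1.3, 10.14.0.5, 10.15.0.5) are constructed, `log` is ignored, and ICMP types, ports and `established` are modelled as plain packet properties.

```python
import ipaddress, re
THEIRS = """
access-list 101 deny icmp any any echo log
access-list 101 permit icmp any any echo-reply log
access-list 101 permit tcp host 10.1.1.2 any eq telnet log
access-list 101 permit tcp any eq telnet any established log
access-list 101 permit udp any any eq rip log
access-list 101 deny ip any any log
"""
MINE = """
access-list 101 permit icmp any host 10.1.1.1 echo-reply
access-list 101 permit icmp any host 10.1.2.1 echo-reply
access-list 101 deny   icmp any host 10.1.1.1 log
access-list 101 deny   icmp any host 10.1.2.1 log
access-list 101 deny   icmp any 10.14.0.0 0.0.255.255 log
access-list 101 permit icmp any any
access-list 101 permit tcp host 10.1.1.2 any eq telnet log
access-list 101 permit tcp any eq telnet any established log
access-list 101 permit udp any any eq rip
"""
RULE = re.compile(r"access-list \d+ (\w+) (\w+) (\S+) (\S+)(?: eq (\w+))?"
                  r" (\S+) (\S+)(?: eq (\w+))?(.*)")

def parse(line):  # normalise 'any' / 'host A' to 'A WILDCARD', then split fields
    line = re.sub(r"host (\S+)", r"\1 0.0.0.0", " ".join(line.split()))
    line = re.sub(r"\bany\b", "0.0.0.0 255.255.255.255", line)
    act, proto, s, sw, sp, d, dw, dp, rest = RULE.match(line).groups()
    need = set(rest.split()) - {"log"}      # echo / echo-reply / established
    need |= {f"{k}={v}" for k, v in (("sport", sp), ("dport", dp)) if v}
    return act, proto, (s, sw), (d, dw), need

def hit(addr, base, wild):  # wildcard mask: 1-bits are "don't care"
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wild))
    return (a | w) == (b | w)

def verdict(acl, proto, src, dst, has):  # first match wins, else implicit deny
    for act, rproto, rsrc, rdst, need in map(parse, acl.strip().splitlines()):
        if rproto in ("ip", proto) and hit(src, *rsrc) and hit(dst, *rdst) and need <= has:
            return act
    return "deny"

PROBES = [  # constructed samples: (protocol, source, destination, packet properties)
    ("icmp", "10.9.9.9", "10.1.1.1", {"echo"}),         # a named target
    ("icmp", "10.9.9.9", "10.1.1.3", {"echo"}),         # host 'close' to it
    ("icmp", "10.9.9.9", "10.14.0.5", {"echo-reply"}),  # inside 10.14.0.0 0.0.255.255
    ("icmp", "10.9.9.9", "10.15.0.5", {"echo-reply"}),  # just outside that range
    ("tcp", "10.1.1.3", "10.1.2.1", {"dport=telnet"}),  # other protocol, next to 10.1.1.2
]
print(*[(p, verdict(THEIRS, *p), verdict(MINE, *p)) for p in PROBES], sep="\n")
```

On these probes the two lists return different verdicts for the echo to 10.1.1.3 and for the echo-reply to 10.14.0.5, and the same verdict for the other three.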