Please help... In the example :access-list 101 deny tcp host 172.16.3.10 172.16.1.0 0.0.0.255 eq ftpaccess-list 101 permit ip any any Do the terms "tcp" and "ip" refer to the individual protocols or the stack ? I assume they refer to the individual protocols as you could substitute them with "udp" or "icmp" but then surely the last statement would allow only the individual "ip" protocol and therefore all other packets such as tcp , udp, icmp would be filtered. Or does tcp , udp , icmp get through because it is encapsulated in ip ? ( I hate the OSI model ) -DJ
--------------------------------- Get a bigger mailbox -- choose a size that fits your needs. http://uk.docs.yahoo.com/mail_storage.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=51235&t=51235 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]