RE: access list question

2000-11-22 Thread Yee, Jason
Deny should come before permit. Also, to deny ftp, not only must you block port 20 but also port 21 (ftp-data).

Jason Yee

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Sisqo
Sent: Tuesday, November 14, 2000 11:08 AM
To: [EMAIL PROTECTED]
Subject: acess l

Re: access list question

2000-11-13 Thread Chuck Larrieu
At what layer does the second line work, as opposed to the first line? Therein lies your answer.

Chuck

"Sisqo" <[EMAIL PROTECTED]> wrote in message news:8uq9lf$75v$[EMAIL PROTECTED]...
> Access-list 101 permit ip any any
> Access-list 101 deny tcp any any eq ftp

Re: access list question

2000-11-13 Thread Brian
Access lists are only parsed until a match is made. The first line will match ftp, as well as all other tcp/ip traffic. You need to reverse the order of your lines:

Access-list 101 deny tcp any any eq ftp
Access-list 101 permit ip any any

brian

On Mon, 13 Nov 2000, Sisqo wrote:
> Access-

RE: access list question

2000-11-13 Thread Jason Baker
Try reversing the access list :).. In access lists, if it matches the rule then it is processed and no more processing.. Line 2 becomes line 1, and line 1 becomes line 2.. Try it out :) Your first line says permit all ip... which includes FTP :).

Regards,
Jason Baker
Network Engineer
MCSE, CCNA,

RE: access list question

2000-11-14 Thread lawrence sculark
Thanks Jason and Chuck, for reminding us to think of the order of processing in access-list...

lawrence

>From: Jason Baker <[EMAIL PROTECTED]>
>Reply-To: Jason Baker <[EMAIL PROTECTED]>
>To: "'Sisqo'" <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
>S

Re: access list question

2000-11-14 Thread Brian W.
Remember, a successful connection requires both ftp and ftp-data to be allowed thru..

Bri

On Mon, 13 Nov 2000, Brian wrote:
>
> Access lists are only parsed until a match is made. The first line will
> match ftp, as well as all other tcp/ip traffic. You need to reverse the
> order of

Re: access list question

2000-11-15 Thread A. Geoffrey Cauchi
Access-lists are sequential, use deny before permit!! Furthermore, you have to apply them to the relevant interface from where the requests are coming.

Geoff

- Original Message -
From: "Sisqo" <[EMAIL PROTECTED]>
Newsgroups: groupstudy.cisco
To: <[EMAIL PROTECTED]>
Sent: Tuesday, Novem

Re: access list question

2000-11-15 Thread Bradley J. Wilson
- Original Message -
From: A. Geoffrey Cauchi

Access-lists are sequential, use deny before permit!!

Well, not exactly. I would re-phrase this and say, "Put more specific before less specific." Let's say I want to permit host 1.2.3.4/24, and deny the rest of the subnet 1.2.3.0/24. If