Re: FW: Switch 2924XL & access-list

From: Adam Rothschild (asr@latency.net)
Date: Mon Aug 28 2000 - 11:54:36 EDT

FYI, since a few people have asked, here's a sample Cat6k ACL config,
which is especially great for tormenting Windows users... ;)

set security acl ip LAME deny tcp any host 10.7.0.192 eq 135
set security acl ip LAME deny tcp any host 10.7.0.192 eq 136
set security acl ip LAME deny tcp any host 10.7.0.192 eq 137
set security acl ip LAME deny tcp any host 10.7.0.192 eq 138
set security acl ip LAME deny tcp any host 10.7.0.192 eq 139
set security acl ip LAME deny tcp host 10.7.0.192 any eq 135
set security acl ip LAME deny tcp host 10.7.0.192 any eq 136
set security acl ip LAME deny tcp host 10.7.0.192 any eq 137
set security acl ip LAME deny tcp host 10.7.0.192 any eq 138
set security acl ip LAME deny tcp host 10.7.0.192 any eq 139
set security acl ip LAME permit ip any any
commit security acl LAME
set security acl map LAME 1

I think you need to enable protocol filtering (set protocolfilter
enable) for this to work.

-adam

This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:15 EDT