[nsp] acl: how to suppress keyword for service in acl?
Jochen Kaiser
Jochen.Kaiser at rrze.uni-erlangen.de
Thu May 6 09:22:17 EDT 2004
Hi Tony,
no it doesn't help since the IANA file differs from the reality in
IOS. At least one example which proves the opposite, but there are
more inconsistencies:
IANA:
printer 515/tcp spooler
CISCO:
router(config)#ip access-list extended a1
router(config-ext-nacl)#permit tcp any any eq 515
router(config-ext-nacl)#^Z
router#sh ip access-lists a1
Extended IP access list a1
20 permit tcp any any eq lpd
router#
However, my solution will be to use the IANA /etc/services file for
preprocessing the acls. The IANA will be modified by a 'handmade'
diff-file which overrides the IANA specs.
regards
Jochen
On Thu, May 06, 2004 at 03:09:52AM -0700, Tony Li wrote:
>
> If it's helpful, all of the names are official names for the well known
> ports. Thus, another possible reference is the IANA port number pages.
> No telling, of course, whether or not IOS will be able to stay up
> to date.
>
> Tony
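The preprocessing approach described in the message above, as an added example that is not part of the original thread: a services-format table with a hand-made override layered on top, used to rewrite port keywords in ACL lines to numbers so that a configured line and its `show ip access-lists` form compare equal. Apart from the 515/tcp names quoted in the message, the table contents and all function names are constructed for illustration.

```python
# Constructed sample in /etc/services format: name port/proto [aliases...]
IANA_SERVICES = """\
smtp     25/tcp   mail
domain   53/udp
printer  515/tcp  spooler
"""
# Constructed hand-made override: names IOS prints that differ from IANA.
IOS_OVERRIDES = """\
lpd      515/tcp   # IOS displays 'lpd' for 515/tcp
"""
OPERATORS = {"eq", "neq", "gt", "lt", "range"}

def parse_services(text):
    """Return {(name, proto): port} for every name and alias."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2 or "/" not in fields[1]:
            continue                      # blank, comment or malformed
        port, proto = fields[1].split("/", 1)
        if port.isdigit():
            for name in [fields[0]] + fields[2:]:
                table[(name.lower(), proto.lower())] = int(port)
    return table

def build_table(iana=IANA_SERVICES, overrides=IOS_OVERRIDES):
    table = parse_services(iana)
    table.update(parse_services(overrides))   # override entries win
    return table

def normalize_acl_line(line, table):
    """Drop the sequence number and turn port keywords into numbers."""
    tokens = line.split()
    if tokens and tokens[0].isdigit():
        tokens = tokens[1:]
    if len(tokens) < 2 or tokens[0] not in ("permit", "deny"):
        return " ".join(tokens)
    proto, out, in_ports = tokens[1].lower(), [], False
    for tok in tokens:
        if tok in OPERATORS:
            in_ports = True
        elif in_ports and not tok.isdigit():
            port = table.get((tok.lower(), proto))
            in_ports = port is not None   # unknown word ends the port list
            tok = tok if port is None else str(port)
        out.append(tok)
    return " ".join(out)

if __name__ == "__main__":
    t = build_table()
    for l in ("permit tcp any any eq 515", "20 permit tcp any any eq lpd"):
        print(normalize_acl_line(l, t))
```

Keywords with no entry for the line's protocol are left unchanged, so they stand out when the normalized configured and displayed ACLs are diffed.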