[c-nsp] Re: Cisco 7600 vs Juniper M7i

Ian Cox icox at cisco.com
Thu Jun 2 17:21:21 EDT 2005


At 03:20 PM 6/2/2005 -0400, Phil Rosenthal wrote:



>>The system used for the Miercom test did not have a DFCx installed
>>on it.
>
>Do you know what acl's/firewall filter rules were used on both the
>cisco and juniper in that test?

ip access-list extended IPV4_Test
  deny udp host 24.249.249.192 host 180.239.109.86 eq 2267
  deny ip host 209.243.28.227 host 49.173.154.114
  deny udp host 225.97.152.157 host 153.173.39.103 eq 1127
  deny ip host 194.9.57.153 host 49.89.36.122
  deny udp host 182.167.96.192 host 161.224.135.44 eq 883
  deny ip host 96.23.219.158 host 45.140.106.128
  deny udp host 53.180.232.251 host 139.1.169.58 eq 45
  deny ip host 128.122.193.110 host 120.241.146.150
  deny udp host 245.33.193.162 host 172.214.85.44 eq 4125
  ... 5k lines ...
  permit ip any any


filter IPV4_Test{

     term term_1 {
         from {
             source-address {
                 190.111.232.241/32;
             }
             destination-address {
                 176.55.1.227/32;
             }
             protocol udp;
             destination-port 2752;
         }
         then {
             discard;
         }
     }
         term term_2 {
             from {
                 source-address {
                     38.221.44.252/32;
                 }
                 destination-address {
                     110.55.151.90/32;
                 }
             }
             then {
                 discard;
             }
         }



Ian

>Would you mind posting that information?


More information about the cisco-nsp mailing list