[c-nsp] Re: Re: Cisco 7600 vs Juniper M7i

Daniel Roesen dr at cluenet.de
Fri Jun 3 06:36:41 EDT 2005


On Thu, Jun 02, 2005 at 02:21:21PM -0700, Ian Cox wrote:
> >Do you know what acl's/firewall filter rules were used on both the
> >cisco and juniper in that test?
> 
> ip access-list extended IPV4_Test
>   deny udp host 24.249.249.192 host 180.239.109.86 eq 2267
>   deny ip host 209.243.28.227 host 49.173.154.114
>   deny udp host 225.97.152.157 host 153.173.39.103 eq 1127
>   deny ip host 194.9.57.153 host 49.89.36.122
>   deny udp host 182.167.96.192 host 161.224.135.44 eq 883
>   deny ip host 96.23.219.158 host 45.140.106.128
>   deny udp host 53.180.232.251 host 139.1.169.58 eq 45
>   deny ip host 128.122.193.110 host 120.241.146.150
>   deny udp host 245.33.193.162 host 172.214.85.44 eq 4125
>   ... 5k lines ...
>   permit ip any any
> 
> 
> filter IPV4_Test{
> 
>      term term_1 {
>          from {
>              source-address {
>                  190.111.232.241/32;
>              }
>              destination-address {
>                  176.55.1.227/32;
>              }
>              protocol udp;
>              destination-port 2752;
>          }
>          then {
>              discard;
>          }
>      }
>          term term_2 {
>              from {
>                  source-address {
>                      38.221.44.252/32;
>                  }
>                  destination-address {
>                      110.55.151.90/32;
>                  }
>              }
>              then {
>                  discard;
>              }
>          }

Can we please have the _full_ ACLs with _all_ terms exactly as used
on the DUTs, and all other config too? The test is not repeatable
without those.


Best regards,
Daniel

-- 
CLUE-RIPE -- Jabber: dr at cluenet.de -- dr at IRCnet -- PGP: 0xA85C8AA0


More information about the cisco-nsp mailing list