[c-nsp] Re: Re: Cisco 7600 vs Juniper M7i
Daniel Roesen
dr at cluenet.de
Fri Jun 3 06:36:41 EDT 2005
On Thu, Jun 02, 2005 at 02:21:21PM -0700, Ian Cox wrote:
> >Do you know what acl's/firewall filter rules were used on both the
> >cisco and juniper in that test?
>
> ip access-list extended IPV4_Test
> deny udp host 24.249.249.192 host 180.239.109.86 eq 2267
> deny ip host 209.243.28.227 host 49.173.154.114
> deny udp host 225.97.152.157 host 153.173.39.103 eq 1127
> deny ip host 194.9.57.153 host 49.89.36.122
> deny udp host 182.167.96.192 host 161.224.135.44 eq 883
> deny ip host 96.23.219.158 host 45.140.106.128
> deny udp host 53.180.232.251 host 139.1.169.58 eq 45
> deny ip host 128.122.193.110 host 120.241.146.150
> deny udp host 245.33.193.162 host 172.214.85.44 eq 4125
> ... 5k lines ...
> permit ip any any
>
>
> filter IPV4_Test{
>
> term term_1 {
> from {
> source-address {
> 190.111.232.241/32;
> }
> destination-address {
> 176.55.1.227/32;
> }
> protocol udp;
> destination-port 2752;
> }
> then {
> discard;
> }
> }
> term term_2 {
> from {
> source-address {
> 38.221.44.252/32;
> }
> destination-address {
> 110.55.151.90/32;
> }
> }
> then {
> discard;
> }
> }
Can we please have the _full_ ACLs with _all_ terms exactly as used
on the DUTs, and all other config too? The test is not repeatable
without those.
Best regards,
Daniel
--
CLUE-RIPE -- Jabber: dr at cluenet.de -- dr at IRCnet -- PGP: 0xA85C8AA0
More information about the cisco-nsp
mailing list