[c-nsp] Re: Re: Cisco 7600 vs Juniper M7i
Ian Cox
icox at cisco.com
Thu Jun 23 10:33:52 EDT 2005
At 03:22 PM 6/23/2005 +0200, Daniel Roesen wrote:
>On Fri, Jun 03, 2005 at 12:36:41PM +0200, Daniel Roesen wrote:
> > Can we please have the _full_ ACLs with _all_ terms exactly as used
> > on the DUTs, and all other config too? The test is not repeatable
> > without those.
>
>I guess the non-response can be considered a "no". I'm drawing my
>conclusions from that.
I can forward you the full ACL offline if you really want them. You
don't need to use the same ACL it happens for ACLs which are extended
ACLs from my previous email. In fact it is most probably better you
use similar but different ACLs to confirm the findings. The ACLs used
were created using random number generators, just create an ACL with
5k lines and matching hosts and tcp/udp port numbers. The last line
in the ACLs is ip permit any any.
ip access-list extended IPV4_Test
deny udp host 24.249.249.192 host 180.239.109.86 eq 2267
deny ip host 209.243.28.227 host 49.173.154.114
deny udp host 225.97.152.157 host 153.173.39.103 eq 1127
deny ip host 194.9.57.153 host 49.89.36.122
deny udp host 182.167.96.192 host 161.224.135.44 eq 883
filter IPV4_Test{
term term_1 {
from {
source-address {
190.111.232.241/32;
}
destination-address {
176.55.1.227/32;
}
protocol udp;
destination-port 2752;
}
then {
discard;
}
}
Ian
>Best regards,
>Daniel
>
>--
>CLUE-RIPE -- Jabber: dr at cluenet.de -- dr at IRCnet -- PGP: 0xA85C8AA0
>_______________________________________________
>cisco-nsp mailing list cisco-nsp at puck.nether.net
>https://puck.nether.net/mailman/listinfo/cisco-nsp
>archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list