[c-nsp] LOG ACL

Virgil virgil at webcentral.com.au
Mon Jan 30 02:01:58 EST 2006


On 30/1/06 3:31 PM, "Melvin C. Etheridge" <mele at enia.net> wrote:

> I at least would like to know what ports are being used.

From Barry Greene and Phil Smith's ISP bootcamps... see
ftp-eng.cisco.com/cons/isp.  This is from Prepare-MgtPlane-v3.2, pg 123.

access-list 170 remark Attack Classification ACL
access-list 170 remark
access-list 170 remark Transmission Control Protocol
access-list 170 permit tcp any any established
access-list 170 permit tcp any any range 0 10000
access-list 170 permit tcp any any range 10001 20000
access-list 170 permit tcp any any range 20001 30000
access-list 170 permit tcp any any range 30001 40000
access-list 170 permit tcp any any range 40001 50000
access-list 170 permit tcp any any range 50001 60000
access-list 170 permit tcp any any range 60001 65535
access-list 170 permit tcp any any fragments
access-list 170 remark Permit all other packets
access-list 170 remark User Datagram Protocol
access-list 170 permit udp any any eq echo
access-list 170 permit udp any eq echo any
access-list 170 permit udp any any fragments
access-list 170 permit udp any any
access-list 170 remark Protocol Independent Multicast
access-list 170 permit pim any any
access-list 170 remark Payload Compression Protocol
access-list 170 permit pcp any any
access-list 170 remark OSPF routing protocol
access-list 170 permit ospf any any
access-list 170 remark KA9Q NOS compatible IP over IP tunneling
access-list 170 permit nos any any
access-list 170 remark IP in IP tunneling
access-list 170 permit ipinip any any
access-list 170 remark Cisco's IGRP routing protocol
access-list 170 permit igrp any any
access-list 170 remark Internet Gateway Message Protocol
access-list 170 permit igmp any any
access-list 170 remark Cisco's GRE tunneling
access-list 170 permit gre any any
access-list 170 remark Encapsulation Security Payload
access-list 170 permit esp any any
access-list 170 remark Cisco's EIGRP routing protocol
access-list 170 permit eigrp any any
access-list 170 remark Authentication Header Protocol
access-list 170 permit ahp any any
access-list 170 remark Internet Control Message Protocol
access-list 170 permit icmp any any echo
access-list 170 permit icmp any any echo-reply
access-list 170 permit icmp any any fragments
access-list 170 permit icmp any any
access-list 170 remark Any Internet Protocol
access-list 170 permit ip any any fragments
access-list 170 permit ip any any


Regards
Virgil

-- 
Virgil
Network Architect, AS7496
virgil at webcentral dot com dot au
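
Added example, not part of the original post or of the Cisco bootcamp material: a classification ACL like the one above is read through its per-entry hit counters, so this sketch compares two "show access-lists 170" captures and ranks the entries that grew. The sample output, its counter values and the function names are constructed for illustration; the parser assumes the usual "(N matches)" suffix and an optional sequence number.

```python
import re

# Constructed "show access-lists 170" captures taken a minute apart (made-up counters).
SNAPSHOT_T0 = """\
Extended IP access list 170
    10 permit tcp any any established (1200 matches)
    20 permit tcp any any range 0 10000 (300 matches)
    30 permit tcp any any range 10001 20000 (5 matches)
    100 permit udp any any eq echo
    120 permit udp any any fragments (40 matches)
    130 permit udp any any (900 matches)
"""
SNAPSHOT_T1 = """\
Extended IP access list 170
    10 permit tcp any any established (1250 matches)
    20 permit tcp any any range 0 10000 (310 matches)
    30 permit tcp any any range 10001 20000 (5 matches)
    100 permit udp any any eq echo
    120 permit udp any any fragments (98040 matches)
    130 permit udp any any (950 matches)
"""

ENTRY_RE = re.compile(r"^\s*(?:\d+\s+)?((?:permit|deny)\s.*?)(?:\s+\((\d+) match(?:es)?\))?\s*$")

def parse_counters(show_output):
    """Map each ACL entry (without sequence number) to its hit count."""
    counters = {}
    for line in show_output.splitlines():
        m = ENTRY_RE.match(line)
        if m:  # the "Extended IP access list" header does not match
            rule = " ".join(m.group(1).split())
            counters[rule] = int(m.group(2) or 0)  # no suffix means 0 hits
    return counters

def hot_entries(before, after):
    """Entries whose counters grew between two snapshots, largest first."""
    old, new = parse_counters(before), parse_counters(after)
    growth = []
    for rule, count in new.items():
        prev = old.get(rule, 0)
        # A smaller value means the counters were cleared in between.
        delta = count - prev if count >= prev else count
        if delta:
            growth.append((rule, delta))
    return sorted(growth, key=lambda item: (-item[1], item[0]))

if __name__ == "__main__":
    for rule, delta in hot_entries(SNAPSHOT_T0, SNAPSHOT_T1):
        print(f"{delta:>8}  {rule}")
```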


