[c-nsp] VACL configuration

Vikas Sharma vikassharmas at gmail.com
Thu Oct 5 07:45:32 EDT 2006


Hi,

Please find the VACL configuration below. From this I wanted to understand
whether I am required to put one more access-list, e.g. access-list 180
permit ip any any, for "vlan access-map deny_spirous 20", or will it work like
this?

====
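! Sequence 10: drop traffic matched by ACL 175
vlan access-map deny_spirous 10
 action drop
 match ip address 175

! Sequence 20: forward, no match clause configured
vlan access-map deny_spirous 20
 action forward

! Apply the access map to VLAN 200
vlan filter deny_spirous vlan-list 200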

access-list 175 permit   tcp any any eq 135
access-list 175 permit   udp any any eq 135
access-list 175 permit   tcp any any eq 136
access-list 175 permit   udp any any eq 136
access-list 175 permit   tcp any any eq 137
access-list 175 permit   udp any any eq netbios-ns
access-list 175 permit   tcp any any eq 138
access-list 175 permit   udp any any eq netbios-dgm
access-list 175 permit   tcp any any eq 139
access-list 175 permit   udp any any eq netbios-ss
access-list 175 permit   tcp any any eq 1434
access-list 175 permit   tcp any any eq 445
access-list 175 permit   tcp any any eq 593
access-list 175 permit   tcp any any eq 4444
access-list 175 permit   tcp any any eq 9996
access-list 175 permit   tcp any any eq 5554
access-list 175 permit   udp any any eq 1434
access-list 175 permit   udp any any eq 445
access-list 175 permit   udp any any eq 593
access-list 175 permit   udp any any eq 4444
access-list 175 permit   udp any any eq 9996
access-list 175 permit   udp any any eq tftp
access-list 175 permit   udp any any eq 995
access-list 175 permit   udp any any eq 996
access-list 175 permit   udp any any eq 997
access-list 175 permit   udp any any eq 998
access-list 175 permit   udp any any eq 999
access-list 175 permit   udp any any eq 8998

Regards

Vikas Sharma

