[c-nsp] VACL configuration

Adam Greene maillist at webjogger.net
Thu Oct 5 11:27:25 EDT 2006


Vikas,

I can tell you that adding the additional access list will work. I am not
sure if you can do it in the way you state (i.e. without the additional ACL)
as I have not tried it.

HTH,
Adam

----- Original Message ----- 
From: "Vikas Sharma" <vikassharmas at gmail.com>
To: <cisco-nsp at puck.nether.net>
Sent: Thursday, October 05, 2006 7:45 AM
Subject: [c-nsp] VACL configuration


> Hi,
>
> Please find the VACL configuration below. From this I wanted to understand
> whether I am required to put one more access-list e.g. access-list 180
> permit ip any any for "vlan access-map deny_spirous 20" or it will work like
> this?
>
> ====
> vlan access-map deny_spirous 10
>  action drop
>  match ip address 175
>
> vlan access-map deny_spirous 20
>  action forward
>
> vlan filter deny_spirous vlan-list 200
>
> access-list 175 permit   tcp any any eq 135
> access-list 175 permit   udp any any eq 135
> access-list 175 permit   tcp any any eq 136
> access-list 175 permit   udp any any eq 136
> access-list 175 permit   tcp any any eq 137
> access-list 175 permit   udp any any eq netbios-ns
> access-list 175 permit   tcp any any eq 138
> access-list 175 permit   udp any any eq netbios-dgm
> access-list 175 permit   tcp any any eq 139
> access-list 175 permit   udp any any eq netbios-ss
> access-list 175 permit   tcp any any eq 1434
> access-list 175 permit   tcp any any eq 445
> access-list 175 permit   tcp any any eq 593
> access-list 175 permit   tcp any any eq 4444
> access-list 175 permit   tcp any any eq 9996
> access-list 175 permit   tcp any any eq 5554
> access-list 175 permit   udp any any eq 1434
> access-list 175 permit   udp any any eq 445
> access-list 175 permit   udp any any eq 593
> access-list 175 permit   udp any any eq 4444
> access-list 175 permit   udp any any eq 9996
> access-list 175 permit   udp any any eq tftp
> access-list 175 permit   udp any any eq 995
> access-list 175 permit   udp any any eq 996
> access-list 175 permit   udp any any eq 997
> access-list 175 permit   udp any any eq 998
> access-list 175 permit   udp any any eq 999
> access-list 175 permit   udp any any eq 8998
>
> Regards
>
> Vikas Sharma
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>
>
>
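
A small offline lint for the kind of configuration discussed in this thread, added here as an example and not part of either poster's message: it checks that every `vlan filter` names a defined access-map, that every `match ip address` names a defined numbered ACL, and lists sequences that have no match clause so their behaviour can be confirmed on the platform in use. The function name `lint_vacl`, the finding labels and the sample text are assumptions constructed for illustration; only numbered ACLs are handled.

```python
import re

# Constructed sample modelled on the configuration quoted in the thread;
# the filter line deliberately misspells the map name.
SAMPLE = """\
vlan access-map deny_spirous 10
 action drop
 match ip address 175
vlan access-map deny_spirous 20
 action forward
vlan filter deny_sprious vlan-list 200
access-list 175 permit tcp any any eq 135
access-list 175 permit udp any any eq 1434
"""

def lint_vacl(config):
    """Return a sorted list of (kind, detail) findings for a VACL config."""
    maps = {}      # (name, seq) -> {"action": str or None, "acls": [str]}
    acls = set()   # numbered ACLs defined in the text
    filters = []   # (map name, vlan list) from "vlan filter" lines
    current = None # access-map sequence whose sub-commands are being read
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"vlan access-map (\S+) (\d+)", line):
            current = maps.setdefault((m[1], int(m[2])), {"action": None, "acls": []})
        elif m := re.fullmatch(r"vlan filter (\S+) vlan-list (\S+)", line):
            filters.append((m[1], m[2]))
            current = None
        elif m := re.match(r"access-list (\d+) ", line):
            acls.add(m[1])
            current = None
        elif current is not None and (m := re.fullmatch(r"action (\S+)", line)):
            current["action"] = m[1]
        elif current is not None and (m := re.fullmatch(r"match ip address (.+)", line)):
            current["acls"] += m[1].split()
    defined = {name for name, _ in maps}
    applied = {name for name, _ in filters}
    findings = [("undefined-map", f"vlan filter {n} (vlans {v})")
                for n, v in filters if n not in defined]
    findings += [("unapplied-map", n) for n in defined - applied]
    for (name, seq), entry in maps.items():
        findings += [("undefined-acl", f"{name} {seq} -> {a}")
                     for a in entry["acls"] if a not in acls]
        if not entry["acls"]:  # sequence relies on match-less behaviour
            findings.append(("no-match-clause", f"{name} {seq} action {entry['action']}"))
    return sorted(findings)
```
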





