You're putting too much thought into this. :-) The ip keyword will match any ip packet regardless of the transport layer protocol being used. You use the tcp, udp, and icmp keywords when you want to be even more specific.
HTH, John >>> "maine dude" 8/12/02 10:16:19 AM >>> Please help... In the example :access-list 101 deny tcp host 172.16.3.10 172.16.1.0 0.0.0.255 eq ftpaccess-list 101 permit ip any any Do the terms "tcp" and "ip" refer to the individual protocols or the stack ? I assume they refer to the individual protocols as you could substitute them with "udp" or "icmp" but then surely the last statement would allow only the individual "ip" protocol and therefore all other packets such as tcp , udp, icmp would be filtered. Or does tcp , udp , icmp get through because it is encapsulated in ip ? ( I hate the OSI model ) -DJ --------------------------------- Get a bigger mailbox -- choose a size that fits your needs. http://uk.docs.yahoo.com/mail_storage.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=51239&t=51235 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
