Good point! Forgive me, I'd only had one cup of coffee when I wrote that. Usually I need at least three before my explainer works correctly.
John >>> "Howard C. Berkowitz" 8/12/02 11:39:12 AM >>> At 4:35 PM +0000 8/12/02, John Neiberger wrote: >You're putting too much thought into this. :-) The ip keyword will >match any ip packet regardless of the transport layer protocol being >used. You use the tcp, udp, and icmp keywords when you want to be even >more specific. > >HTH, >John > >>>> "maine dude" 8/12/02 10:16:19 AM >>> >Please help... In the example :access-list 101 deny tcp host >172.16.3.10 >172.16.1.0 0.0.0.255 eq ftpaccess-list 101 permit ip any any Do the >terms >"tcp" and "ip" refer to the individual protocols or the stack ? I >assume >they refer to the individual protocols as you could substitute them >with >"udp" or "icmp" but then surely the last statement would allow only >the >individual "ip" protocol and therefore all other packets such as tcp , >udp, >icmp would be filtered. Or does tcp , udp , icmp get through because it >is >encapsulated in ip ? ( I hate the OSI model ) -DJ Trust me. IP designers did not have OSI compliance in mind. And to be picky, John, ICMP isn't a transport protocol. It is a control/management protocol at the network layer. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=51253&t=51235 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
