[61107] in North American Network Operators' Group
Re: Cisco filter question
daemon@ATHENA.MIT.EDU (Jack Bates)
Fri Aug 22 17:38:18 2003
Date: Fri, 22 Aug 2003 16:37:42 -0500
From: Jack Bates <jbates@brightok.net>
To: matt@petach.org
Cc: Scott McGrath <mcgrath@fas.harvard.edu>,
"Geo." <georger@getinfo.net>, nanog@merit.edu
In-Reply-To: <200308221742.h7MHgfx15063@tornado.Stanford.EDU>
Errors-To: owner-nanog-outgoing@merit.edu
matt@petach.org wrote:
>> ip address (access-lists): 199
>
> ^^^
>
>>Extended IP access list 181
>
> ^^^
>
>
>
> Did you mean to have a mismatch between the numbers?
> Or is there some magic configuration detail that links
> the two together that I haven't learned about yet?
>
They are comparitive lists. 181 lists all traffic leaving the router
towards my networks while 199 is the list for the routemap that filters
inbound icmp traffic of 92 bytes. 181 would be legitimate icmp traffic
which is why it's lower than route-map nachi-worm which uses acl 199.
-Jack
