Re: А смысл

From

Yuri Selivanov (2:5020/400)

To

Andre Sidko

Date

2006-02-10T11:43:10Z

Area

RU.CISCO

From: Yuri Selivanov <uri@tomsknet.ru>

Andre Sidko <Andre.Sidko@f77.n4641.z2.fidonet.org> wrote:
>                                 Hello All.
> 
>    Есть у меня catalyst, (неважно какой версии).
> 
>    Вот  выдержки из конфига.
> 
> *** Skip
> !
> interface Vlan1
> ip address 10.1.50.247 255.255.0.0
> ip access-group vlan0-in in
> no ip route-cache
> 
> *** Skip
> ip access-list extended vlan0-in
> deny   ip host 10.1.50.247 any log
> permit ip any any
> 
> 
>    Вот я не могу понять смысла с access-list-е vlan0-in.
> Смысл запрешать ip "с себя на себя", но не резать все другие ip? Объясгите,
> глабальный принцип. Зачем?

	spoofing-alert? %)

>  Registered Linux User #347376
>  UIN 21089807
>                                                        truly your, Andre.

-- 
Best Regards,
Yuri Selivanov [URI2-RIPE]
--- ifmail v.2.15dev5.3
 * Origin: Tomsktelecom - Digital Networks (2:5020/400)
SEEN-BY: 46/50 50/520 400/814 450/159 1024 461/43 640 465/11 469/999 4616/3
SEEN-BY: 4625/8 4626/6 4627/10 4641/444 5000/76 5000 5006/1 5007/1 5010/70
SEEN-BY: 5011/13 5015/28 221 5019/31 5020/175 400 545 715 982 1057 1169 1909
SEEN-BY: 5020/1922 4441 5021/29 5025/3 5026/14 5027/12 5030/37 49 55 61 73 97
SEEN-BY: 5030/115 172 251 266 279 338 361 366 378 382 452 468 518 564 580 627
SEEN-BY: 5030/730 797 845 920 1023 1115 1249 1340 1763 2081 5033/1 5034/13
SEEN-BY: 5036/1 5038/9 5045/7 5049/1 5051/15 5053/16 5054/1 4 8 9 28 30 35 36
SEEN-BY: 5054/37 67 72 75 81 5057/1 5058/1 5060/88 5061/15 26 5062/10 5063/3
SEEN-BY: 5066/18 5075/5 5077/70 5080/1003 5081/2 5085/13 5093/57 5095/20
SEEN-BY: 5096/18 5100/113 6000/1 6001/3 10 6009/1

PATH: 5020/400 5030/49 1115 115 5020/545 5054/1 37