
DNS ACL Structure

DanH3
Level 1

Hello, can you tell me the difference between these two ACL statements? Usually the port is after the destination address, but I've seen examples of DNS ACLs with the port in between the source and destination. Are DNS ACLs the only ACLs that can be structured this way? Thank you.

access-list 112 permit tcp any any eq domain
access-list 112 permit tcp any eq domain any

Accepted Solutions

johnd2310
Level 8

Hi,

The first entry permits TCP traffic from any source to any destination port 53. The second entry permits TCP from any source on port 53 to any destination.

This is very common in access lists when you want to specify source or destination addresses. If you want to be more granular, you can specify source IP address, source port, destination IP and destination port,

e.g.

access-list 112 permit tcp any eq domain any eq domain

Thanks

John

**Please rate posts you find helpful**
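
The positional rule described in the answer above, as an added example that is not part of the original posts: a small Python parser and matcher for the three entries in this thread, run against two constructed DNS-over-TCP packets. It handles only `any`, `host A.B.C.D` and `eq <port>`; the function names and the sample addresses are assumptions made for illustration.

```python
from collections import namedtuple

PORT_NAMES = {"domain": 53}  # IOS keyword "domain" is port 53
Entry = namedtuple("Entry", "action proto src src_port dst dst_port")  # port None = any

def _addr(tok):
    """Consume an address spec: 'any' or 'host A.B.C.D'."""
    if tok and tok[0] == "any":
        return "any", tok[1:]
    if len(tok) >= 2 and tok[0] == "host":
        return tok[1], tok[2:]
    raise ValueError(f"unsupported address spec: {tok}")

def _port(tok):
    """Consume an optional 'eq <port>' that follows an address."""
    if len(tok) >= 2 and tok[0] == "eq":
        name = tok[1]
        return (PORT_NAMES[name] if name in PORT_NAMES else int(name)), tok[2:]
    return None, tok

def parse(line):
    """Parse 'access-list N permit|deny PROTO SRC [eq P] DST [eq P]'."""
    tok = line.split()
    if len(tok) < 6 or tok[0] != "access-list":
        raise ValueError(f"not an extended ACL entry: {line!r}")
    src, rest = _addr(tok[4:])
    sport, rest = _port(rest)   # a port here qualifies the SOURCE
    dst, rest = _addr(rest)
    dport, rest = _port(rest)   # a port here qualifies the DESTINATION
    if rest:
        raise ValueError(f"unsupported trailing tokens: {rest}")
    return Entry(tok[2], tok[3], src, sport, dst, dport)

def matches(e, proto, src, sport, dst, dport):
    return (e.proto == proto and e.src in ("any", src) and e.dst in ("any", dst)
            and e.src_port in (None, sport) and e.dst_port in (None, dport))

# The three entries from the thread; the two packets are constructed samples.
ACL = [parse(l) for l in (
    "access-list 112 permit tcp any any eq domain",
    "access-list 112 permit tcp any eq domain any",
    "access-list 112 permit tcp any eq domain any eq domain")]
QUERY = ("tcp", "192.0.2.10", 49152, "198.51.100.53", 53)   # client -> server
REPLY = ("tcp", "198.51.100.53", 53, "192.0.2.10", 49152)   # server -> client

def hits(pkt):
    """1-based positions of the entries that the packet matches."""
    return [i for i, e in enumerate(ACL, 1) if matches(e, *pkt)]

print("query matches:", hits(QUERY), "reply matches:", hits(REPLY))
```

The query matches only the first entry and the reply only the second; the entry with `eq domain` on both sides matches neither, because the client side of the connection uses an ephemeral port rather than 53.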

2 Replies

Thank you John.

-Dan