Hello folks,
I have a quick question for you that keeps circling my mind. The task is basic: permit telnet from a subnet and deny everything else. The solution is also simple: "#access-list 101 10 permit tcp any any eq 23 log" & "#access-list 101 20 deny ip any any log". Everything works well so far. The question I have is: why does this command work, while the following one does not: "access-list 101 permit 23 24.17.2.0 0.0.0.15 any"?
PS: Tested on the same router. The first works, the second does not.
In the command you provided: access-list 101 permit 23 24.17.2.0 0.0.0.15 any
There is no sequence number...
On which equipment do you configure these ACLs?
Hello @Road2CCIE
The command access-list 101 permit tcp any any eq 23 log is specifying a rule to permit TCP traffic from any source to any destination with a destination port equal to 23 and logging the matches. The subsequent rule access-list 101 deny ip any any log denies any other IP traffic.
On the other hand, the command access-list 101 permit 23 24.17.2.0 0.0.0.15 any seems to have a syntax issue...
Well, that is what I initially thought, but it doesn't have any syntax issues.
For example, the following command, just for explanation: "access-list 199 10 permit 23 any any" is basically creating access-list number 199, with a sequence number of 10, permitting traffic with an IP protocol equal to 23 from any source to any destination. This is what I don't understand.
If someone else could explain it to me, that would be great.
"protocol IP equal to 23" <- this is wrong
The protocols are
IP
TCP
UDP
There is nothing called protocol 23
I suspect that the router accepts this command.
MHM
Hello @Road2CCIE ,
you would need a statement that uses TCP as protocol and destination port 23
permit tcp 24.17.2.0 0.0.0.15 any eq 23
TCP is protocol 6 , UDP is 17.
Even if protocol 23 exists, it is not what you need, and this is why your second ACL does not work.
see
https://en.wikipedia.org/wiki/List_of_IP_protocol_numbers
Protocol 23 is not TCP; it is:
| 0x17 | 23 | TRUNK-1 | Trunk-1 |
Hope to help
Giuseppe
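To make the point from the two answers above concrete (the bare number in the protocol position of an extended ACL is an IP protocol number, not a TCP port), here is an added example that is not part of the thread or any Cisco software: a minimal Python evaluator for the ACE syntax used in this discussion. It parses the original poster's entries and Giuseppe's corrected one, then runs constructed packets through them. The `Packet` fields, the `parse_ace`/`evaluate` names and the sample addresses are assumptions for the illustration; only contiguous wildcard masks and the `eq` port operator are handled.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# IANA IP protocol numbers for the keywords IOS accepts in the protocol
# position. A bare number there is taken literally, so "23" is TRUNK-1, not TCP.
PROTO_KEYWORDS = {"ip": None, "icmp": 1, "tcp": 6, "udp": 17}
# Port names commonly used after "eq" (assumed subset for this example).
PORT_NAMES = {"telnet": 23, "ssh": 22}


@dataclass
class Packet:
    src: str
    dst: str
    proto: int                      # IP protocol number (6 = TCP)
    dport: Optional[int] = None     # L4 destination port, TCP/UDP only


@dataclass
class ACE:
    action: str                     # "permit" or "deny"
    proto: Optional[int]            # None = any IP protocol ("ip")
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int]            # None = any port


def _parse_addr(tokens, i):
    """Consume 'any' | 'host A' | 'A wildcard' starting at tokens[i]."""
    if tokens[i] == "any":
        return ipaddress.IPv4Network("0.0.0.0/0"), i + 1
    if tokens[i] == "host":
        return ipaddress.IPv4Network(tokens[i + 1] + "/32"), i + 2
    # ipaddress accepts a wildcard (host mask) as the second tuple element;
    # a non-contiguous wildcard raises ValueError, which is fine here.
    return ipaddress.IPv4Network((tokens[i], tokens[i + 1])), i + 2


def _parse_port(tokens, i):
    """Consume an optional 'eq <port>' starting at tokens[i]."""
    if i < len(tokens) and tokens[i] == "eq":
        name = tokens[i + 1]
        return PORT_NAMES.get(name, int(name) if name.isdigit() else None), i + 2
    return None, i


def parse_ace(line: str) -> ACE:
    """Parse 'access-list <n> [seq] permit|deny <proto> <src> [eq p] <dst> [eq p] [log]'."""
    t = line.lstrip("#").split()
    if t[0] != "access-list":
        raise ValueError("not an access-list line")
    i = 2
    if t[i].isdigit():              # optional sequence number
        i += 1
    action = t[i]
    i += 1
    if t[i] in PROTO_KEYWORDS:
        proto = PROTO_KEYWORDS[t[i]]
    else:
        proto = int(t[i])           # literal IP protocol number, e.g. 23 = TRUNK-1
        if not 0 <= proto <= 255:
            raise ValueError("IP protocol number out of range")
    i += 1
    src, i = _parse_addr(t, i)
    _sport, i = _parse_port(t, i)   # source port is parsed but ignored
    dst, i = _parse_addr(t, i)
    dport, i = _parse_port(t, i)
    return ACE(action, proto, src, dst, dport)


def matches(ace: ACE, pkt: Packet) -> bool:
    return (
        (ace.proto is None or ace.proto == pkt.proto)
        and ipaddress.IPv4Address(pkt.src) in ace.src
        and ipaddress.IPv4Address(pkt.dst) in ace.dst
        and (ace.dport is None or ace.dport == pkt.dport)
    )


def evaluate(acl_lines, pkt: Packet) -> str:
    """First-match semantics with the implicit deny at the end of every IOS ACL."""
    for ace in (parse_ace(l) for l in acl_lines):
        if matches(ace, pkt):
            return ace.action
    return "deny"


# Constructed sample traffic: telnet from inside and outside 24.17.2.0/28,
# plus a packet carrying IP protocol 23 (TRUNK-1) from inside the subnet.
TELNET_IN = Packet("24.17.2.5", "10.0.0.1", 6, 23)
TELNET_OUT = Packet("24.17.3.1", "10.0.0.1", 6, 23)
TRUNK1_IN = Packet("24.17.2.5", "10.0.0.1", 23)

ORIGINAL_WORKING = ["access-list 101 10 permit tcp any any eq 23 log",
                    "access-list 101 20 deny ip any any log"]
ORIGINAL_BROKEN = ["access-list 101 permit 23 24.17.2.0 0.0.0.15 any"]
CORRECTED = ["access-list 101 permit tcp 24.17.2.0 0.0.0.15 any eq 23"]
```

Running `evaluate(ORIGINAL_BROKEN, TELNET_IN)` returns `deny` because the only ACE asks for IP protocol 23 and telnet is TCP (protocol 6); the same ACL permits `TRUNK1_IN`, which is what the router actually configured. `CORRECTED` permits telnet only from the /28 and falls through to the implicit deny for `TELNET_OUT`.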