Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
168
Views
5
Helpful
2
Replies

ACL clarification

Raja_D
Level 1
Level 1

‎05-15-2017 10:58 PM - edited ‎03-05-2019 08:32 AM

Can someone explain the major difference between the below commands:

deny tcp host x.x.x.x any

deny ip host x.x.x.x any

Thanks,

James..

Labels:
0 Helpful
2 Replies 2

Georg Pauwen
VIP
VIP

‎05-15-2017 11:09 PM

James,

IP works at the network layer (3) of the OSI model, TCP at the transport layer (4). That means:

deny ip host x.x.x.x any

will block anything originating from the specified host to anywhere.

TCP is used by e.g. HTTP, HTTPs, FTP, SMTP, Telnet. You can block these selectively and still allow e.g. UDP (which operates at the same layer as TCP), such as DNS, DHCP, TFTP, SNMP, RIP, VOIP..

So in short:

deny ip host x.x.x.x any --> blocks everything

deny tcp host x.x.x.x any --> blocks only TCP, but allows UDP

Raja_D
Level 1
Level 1
In response to Georg Pauwen

‎05-15-2017 11:37 PM

Thanks George for the clarification..

James..

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card