Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
541
Views
10
Helpful
2
Replies

Extended ACL issue

olly ahmed
Level 1
Level 1

‎06-25-2016 09:18 AM - edited ‎03-05-2019 04:18 AM

Can anyone help me out to understand the extended ACL commands. I saw an ACL with command "exec cmd" at the end. What is the actual purpose of using "exec cmd" in ACL. For better understanding acl line is given below:

390 permit tcp host 10.65.17.1 host 10.80.125.162 eq 469 exec cmd

Labels:
0 Helpful
2 Replies 2

Peter Paluch
Cisco Employee
Cisco Employee

‎06-25-2016 09:42 AM

Hi,

Those are simply another destination ports - exec stands for port 512 (rsh), cmd stands for port 514 (rcmd). In Cisco IOS, if the port number refers to a well-known service, IOS will replace it with its symbolic name. The line you have quoted says, in numeric:

390 permit tcp host 10.65.17.1 host 10.80.125.162 eq 469 512 514

meaning that any TCP traffic from 10.65.17.1 to 10.80.125.162 where the destination TCP port is 469 or 512 or 514 is permitted.

Note that these port numbers and names are actually listed in the help:

Router(config-ext-nacl)# permit tcp any any eq ?
  <0-65535>    Port number
  bgp          Border Gateway Protocol (179)
  chargen      Character generator (19)
  cmd          Remote commands (rcmd, 514)
  daytime      Daytime (13)
  discard      Discard (9)
  domain       Domain Name Service (53)
  drip         Dynamic Routing Information Protocol (3949)
  echo         Echo (7)
  exec         Exec (rsh, 512)
  finger       Finger (79)
  ftp          File Transfer Protocol (21)
  ftp-data     FTP data connections (20)
  gopher       Gopher (70)
  hostname     NIC hostname server (101)
  ident        Ident Protocol (113)
  irc          Internet Relay Chat (194)
  klogin       Kerberos login (543)
  kshell       Kerberos shell (544)
  login        Login (rlogin, 513)
  lpd          Printer service (515)
  nntp         Network News Transport Protocol (119)
  onep-plain   ONEP Cleartext (15001)
  onep-tls     ONEP TLS (15002)
  pim-auto-rp  PIM Auto-RP (496)
  pop2         Post Office Protocol v2 (109)
  pop3         Post Office Protocol v3 (110)
  smtp         Simple Mail Transport Protocol (25)
  sunrpc       Sun Remote Procedure Call (111)
  tacacs       TAC Access Control System (49)
  talk         Talk (517)
  telnet       Telnet (23)
  time         Time (37)
  uucp         Unix-to-Unix Copy Program (540)
  whois        Nicname (43)
  www          World Wide Web (HTTP, 80)

Best regards,
Peter

olly ahmed
Level 1
Level 1
In response to Peter Paluch

‎06-25-2016 12:04 PM

Thanks for your kind elaboration.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card