06-07-2011 12:43 PM - last edited on 01-03-2023 02:26 AM by Translator
Looking for ways to harden my edge, I found Document ID: 44541, Transit Access Control Lists: Filtering at Your Edge, http://www.cisco.com/en/US/tech/tk648/tk361/technologies_white_paper09186a00801afc76.shtml.
It was helpful, but a number of the ACL entries contained the operator/value
gt 1023, i.e. access-list 110 permit udp any gt 1023 host <primary DNS server> eq 53, access-list 110 permit tcp host bgp_peer gt 1023 host router_ip eq bgp, and access-list 110 permit tcp host bgp_peer eq bgp host router_ip gt 1023.
Since I also have a requirement to block ports, many of which are >1023, I was wondering "what exactly does it do," "when do I need to use it," "why do I need it," and "how does it work?"
I know that it does work, I just need some information on the what, when, why and how. I looked on the support community site, but found no real answer. Can anyone shine some light on this for me?
Respectfully
Manny
06-07-2011 01:23 PM
Hello Manuel,
Ports 0 - 1023 are the well-known port numbers. These ports would be used by most of the network services, so based on the application the device listens on one of these ports (for example, a web server listens on port 80).
So the clients who are trying to use these applications contact one of these port numbers (0 - 1023), as each of these ports has a specific purpose. So normally all clients that establish a TCP/UDP connection use a port > 1023 while talking to the server.
That's why you see ACLs like
access-list 110 permit udp any gt 1023 host <primary DNS server> eq 53
where the DNS traffic is being permitted, 53 being the port of the DNS server.
Since clients use a port > 1023, the ACL has been created likewise.
Hope to help.
Regards,
Ramani.
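As an added illustration (not from this thread or from Cisco), a small Python matcher for extended ACL entries of the shape quoted above. It shows why a DNS query sent from an ephemeral client port satisfies `gt 1023` while one sent from port 53 itself falls through to the implicit deny. The addresses in `ACL_110` and the `PORT_NAMES` table are assumptions made for the demo; only `any`/`host` and `eq`/`gt`/`lt` are handled.

```python
# Added illustration of how the IOS-style extended ACL port operators in this
# thread match packets. Assumptions: only 'any'/'host' address forms and the
# eq/gt/lt operators are handled; addresses below are constructed examples.
PORT_NAMES = {"bgp": 179, "domain": 53}   # named ports used in the thread

def _parse_endpoint(tokens, i):
    """Parse 'any' | 'host A', then an optional 'eq|gt|lt PORT'."""
    if tokens[i] == "any":
        addr, i = None, i + 1
    elif tokens[i] == "host":
        addr, i = tokens[i + 1], i + 2
    else:
        raise ValueError(f"unsupported address form: {tokens[i]!r}")
    op = None
    if i < len(tokens) and tokens[i] in ("eq", "gt", "lt"):
        port = PORT_NAMES.get(tokens[i + 1]) or int(tokens[i + 1])
        op, i = (tokens[i], port), i + 2
    return (addr, op), i

def parse_ace(line):
    """'access-list N permit|deny PROTO SRC [op] DST [op]' -> fields."""
    t = line.split()
    src, i = _parse_endpoint(t, 4)
    dst, _ = _parse_endpoint(t, i)
    return int(t[1]), t[2], t[3], src, dst

def _match(addr, op, ip, port):
    """'host A' must equal the IP ('any' always does); port must satisfy op."""
    if addr is not None and addr != ip:
        return False
    if op is None:
        return True
    kind, n = op
    return {"eq": port == n, "gt": port > n, "lt": port < n}[kind]

def evaluate(acl, proto, src, sport, dst, dport):
    """First matching entry wins; anything unmatched hits the implicit deny."""
    for line in acl:
        _, action, aproto, (sa, sop), (da, dop) = parse_ace(line)
        if aproto == proto and _match(sa, sop, src, sport) \
                and _match(da, dop, dst, dport):
            return action
    return "deny"

# Constructed ACL in the shape of the thread's entries (documentation addresses).
ACL_110 = [
    "access-list 110 permit udp any gt 1023 host 192.0.2.53 eq 53",
    "access-list 110 permit tcp host 198.51.100.1 gt 1023 host 203.0.113.1 eq bgp",
    "access-list 110 permit tcp host 198.51.100.1 eq bgp host 203.0.113.1 gt 1023",
]
```

Note that the `gt 1023` on the source side is what keeps a packet with a forged low source port (for example 53 -> 53) from matching the permit line.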
06-08-2011 05:10 AM
Thank you.
Regards
Manny