
Access-List issue

anil703
Level 1

Hi All

I have a doubt related to access-lists:

What would be the difference between the two statements written below? In one they have put any before "eq bgp" and in the second after "eq bgp":

1) access-list 131 permit tcp any any eq bgp

2) access-list 131 permit tcp any eq bgp any

Same query here-

access-list 131 permit udp 202.123.47.0 0.0.0.255 any eq 646

access-list 131 permit udp 202.123.37.0 0.0.0.255 eq 646 any

Regards

Anil K                  

4 Replies

Kevin P Sheahan
Level 5

The first one is saying that the destination port should be bgp. IP addresses don't matter and neither does the source port.

The second one is saying that the source port should be bgp. IP addresses don't matter and neither does the destination port.

Kind Regards,

Kevin

**Please remember to rate helpful posts as well as mark the question as 'answered' once your issue is resolved. This will help others to find your solution faster.

Kind Regards, Kevin Sheahan, CCIE # 41349

Milan Rai
Level 1

Hi Anil,

With your first access-list:

access-list 131 permit tcp any any eq bgp

From any source address (A) to destination address (B) = BGP port is allowed.

In the second case:

access-list 131 permit tcp any eq bgp any

For source address (A), the BGP port is allowed to = destination address (B) on any port.

I hope this will help you.

mgalazka
Level 1

The difference in the placement of the port has to do with whether it is related to the source or destination address. For instance, in your last example:

access-list 131 permit udp 202.123.47.0 0.0.0.255 any eq 646

The above statement says to allow UDP for source network 202.123.47.0/24 destined to any IP address, as long as the destination port is udp port 646.

access-list 131 permit udp 202.123.37.0 0.0.0.255 eq 646 any

This statement, on the other hand, says to allow UDP for a source network 202.123.37.0/24 with source udp port 646, destined to any IP on any port.

Hope this helps,

Matt

Many thanks, all... it's really helpful.
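
The distinction discussed in this thread, as an added example that is not code from any of the posters: a small Python parser for the subset of extended ACL syntax used in the question, tested against two constructed packets of one BGP session. The addresses, the ephemeral port 50000 and all function names are assumptions made for illustration.

```python
import ipaddress

NAMED_PORTS = {"bgp": 179}  # IOS port keyword used on this page (TCP 179)

def _addr(tok):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D WILDCARD'; return (base, wildcard)."""
    first = tok.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(ipaddress.IPv4Address(tok.pop(0))), 0
    return int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(tok.pop(0)))

def _port(tok):
    """Consume an optional 'eq PORT'; it belongs to the address parsed just before it."""
    if tok[:1] != ["eq"]:
        return None  # no port test on this side
    tok.pop(0)
    name = tok.pop(0)
    return NAMED_PORTS[name] if name in NAMED_PORTS else int(name)

def parse_ace(line):
    """Parse 'access-list N permit|deny tcp|udp SRC [eq P] DST [eq P]' (subset only)."""
    tok = line.split()
    if len(tok) < 6 or tok[0] != "access-list":
        raise ValueError("not an extended ACL entry: " + line)
    ace, rest = {"action": tok[2], "proto": tok[3]}, tok[4:]
    ace["src"], ace["sport"] = _addr(rest), _port(rest)  # 'eq' after source = source port
    ace["dst"], ace["dport"] = _addr(rest), _port(rest)  # 'eq' after destination = destination port
    if rest:
        raise ValueError("unsupported tokens: " + " ".join(rest))
    return ace

def _ip_ok(spec, ip):
    base, wild = spec  # wildcard bits set to 1 are "don't care"
    return (int(ipaddress.IPv4Address(ip)) | wild) == (base | wild)

def matches(ace, proto, src, sport, dst, dport):
    """True if a packet's 5-tuple satisfies every test in the entry."""
    return (ace["proto"] == proto
            and _ip_ok(ace["src"], src) and _ip_ok(ace["dst"], dst)
            and ace["sport"] in (None, sport) and ace["dport"] in (None, dport))

# Constructed packets: a BGP session opened from 192.0.2.1, and the peer's reply.
SYN = ("tcp", "192.0.2.1", 50000, "198.51.100.1", 179)
REPLY = ("tcp", "198.51.100.1", 179, "192.0.2.1", 50000)

if __name__ == "__main__":
    for text in ("access-list 131 permit tcp any any eq bgp",
                 "access-list 131 permit tcp any eq bgp any"):
        ace = parse_ace(text)
        print(text, "| SYN:", matches(ace, *SYN), "| reply:", matches(ace, *REPLY))
```

Statement 1 matches only the packet going toward port 179, and statement 2 matches only the packet coming from port 179, so which one is needed depends on the direction of the traffic the ACL filters.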
