Access-list

SathishkumarSaravanan0348 · ‎08-22-2019

Hi All,

I have an query in the ACL for the below.

IP access-list Extended Newyear

10 permit tcp 10.125.31.0 0.0.0.63 eq 445 host 20.0.15.2- I have only seen the port number will be written at end followed by the host.

What is the meaning of this syntax?

Seb Rupik · ‎08-23-2019

Hi there,

The ACL simply states it will permit a connection when the source connection uses port TCP/445 and destination port TCP/any.

It is unusual to specify the source port but not out of the question.

cheers,

Seb.

GRANT3779 · ‎08-23-2019

My understanding of that entry would translate to -

A host coming from the 10.125.31.0/26 subnet with a source port of 445 going to a destination of 20.0.15.2 with any tcp port destination.

Giuseppe Larosa · ‎08-23-2019

Hello Sathish,

in IP extended ACL the TCP or UDP port is positional:

if provided after the source address it means source TCP/UDP port if provided at the end after destination address it means destination TCP/UDP port.

This is something that is not clear at the beginning.

If traffic is coming from servers the well known port will be a source port, if traffic is going to servers the well known port will be a destination port.

Hope to help

Giuseppe