
Access-lists

Aileron88
Level 1

Hi all,

I thought I was going mad today. In a customer's network I saw the following in an access-list:

access-list 101 permit tcp 1.2.3.4 0.0.0.255 5.6.7.8 0.0.0.255 eq telnet

In the same access-list I found:

access-list 101 permit ip 1.2.3.4 0.0.0.255 any

Now surely this 'permit ip' entry would essentially render any entry above it pointless for that address range because it's just allowing any IP traffic through and it doesn't care if it's TCP or UDP? The 'permit tcp' entry was first but this wasn't just for 'logging'... I feel like perhaps I'm being a little silly here and missing the point?

Also, if I have the following:

access-list 101 permit tcp 1.2.3.4 0.0.0.255 5.6.7.8 0.0.0.255 eq 23

is my return list going to be:

access-list 101 permit tcp 1.2.3.4 0.0.0.255 eq 23 5.6.7.8 0.0.0.255?

I know this is really simple configuration, I've just over-thought it and now completely lost my train of thought.

Thanks for your time,

Adam

1 Reply

cadet alain
VIP Alumni

Hi,

Effectively, in this ACL:

access-list 101 permit tcp 1.2.3.4 0.0.0.255 5.6.7.8 0.0.0.255 eq telnet

access-list 101 permit ip 1.2.3.4 0.0.0.255 any

everything will be permitted from 1.2.3.4/24 to anything, so line 1 is not necessary as TCP is part of IP.

Concerning return traffic, you must mirror the ACL to give:

access-list 101 permit tcp 5.6.7.8 0.0.0.255 eq 23 1.2.3.4 0.0.0.255

Regards.

Alain.

Don't forget to rate helpful posts.
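The two points made in the reply (a `permit ip` entry covers every `permit tcp` entry for the same addresses, and return traffic needs the source and destination swapped) can be checked mechanically rather than by eye. The following is an added example written for this thread, not code from Cisco IOS or from either poster: it parses extended-ACL lines, evaluates a packet with first-match semantics and the implicit trailing deny, and reports entries that are shadowed (an earlier entry always matches first) or redundant (deleting them changes no decision). It assumes a subset of the IOS syntax: `any` or `ADDRESS WILDCARD` address specs, only the `eq` port operator, and a partial port-name table; the reply packet is constructed.

```python
"""Constructed example for the ACL thread above (not Cisco IOS code, not the posters' code): parse
extended-ACL lines, evaluate a packet first-match, and flag shadowed or redundant entries.
Assumed subset: `any` or `A WILDCARD` addresses, only the `eq` port operator, a partial port table."""
import ipaddress
from collections import namedtuple

M32 = 0xFFFFFFFF
PORT_NAMES = {"telnet": 23, "ssh": 22, "www": 80, "https": 443}   # partial IOS keyword table
# src/dst are networks already masked by the wildcard (as IOS stores them); wildcard 1 bits are
# don't-care; a port of None means any port; proto "ip" covers every IP protocol.
Entry = namedtuple("Entry", "action proto src src_wild src_port dst dst_wild dst_port")

def _ip(s):
    return int(ipaddress.IPv4Address(s))   # rejects malformed text such as 0.0.0.0.255

def _addr(t, pos):                         # `any` or `A WILDCARD` -> (network, wildcard, next pos)
    if t[pos] == "any":
        return 0, M32, pos + 1
    wild = _ip(t[pos + 1])
    return _ip(t[pos]) & ~wild & M32, wild, pos + 2

def _port(t, pos):                         # optional `eq <number|name>` -> (port or None, next pos)
    if pos < len(t) and t[pos] == "eq":
        p = t[pos + 1]
        return (int(p) if p.isdigit() else PORT_NAMES[p]), pos + 2
    return None, pos

def parse_entry(line):
    t = line.split()
    if len(t) < 6 or t[0] != "access-list" or t[2] not in ("permit", "deny"):
        raise ValueError(f"not an extended ACL entry: {line!r}")
    src, sw, pos = _addr(t, 4)
    sport, pos = _port(t, pos)
    dst, dw, pos = _addr(t, pos)
    dport, pos = _port(t, pos)
    if pos != len(t):
        raise ValueError(f"unparsed tokens in {line!r}")
    return Entry(t[2], t[3], src, sw, sport, dst, dw, dport)

def matches(e, proto, src, dst, sport=None, dport=None):
    return (e.proto in ("ip", proto)
            and (_ip(src) & ~e.src_wild & M32) == e.src and (_ip(dst) & ~e.dst_wild & M32) == e.dst
            and e.src_port in (None, sport) and e.dst_port in (None, dport))

def evaluate(acl, *packet):
    """First match wins; an extended ACL ends with an implicit `deny ip any any`."""
    for i, e in enumerate(acl):
        if matches(e, *packet):
            return e.action, i
    return "deny", None

def _covers_addr(ni, wi, nj, wj):          # every address of (nj, wj) lies inside (ni, wi)
    return (wj & ~wi & M32) == 0 and (nj & ~wi & M32) == ni

def _overlap_addr(na, wa, nb, wb):         # some address lies inside both ranges
    return ((na ^ nb) & ~wa & ~wb & M32) == 0

def covers(i, j):                          # every packet that j matches, i matches too
    return (i.proto in ("ip", j.proto)
            and _covers_addr(i.src, i.src_wild, j.src, j.src_wild)
            and _covers_addr(i.dst, i.dst_wild, j.dst, j.dst_wild)
            and i.src_port in (None, j.src_port) and i.dst_port in (None, j.dst_port))

def overlaps(a, b):                        # some packet matches both a and b
    return (("ip" in (a.proto, b.proto) or a.proto == b.proto)
            and _overlap_addr(a.src, a.src_wild, b.src, b.src_wild)
            and _overlap_addr(a.dst, a.dst_wild, b.dst, b.dst_wild)
            and (None in (a.src_port, b.src_port) or a.src_port == b.src_port)
            and (None in (a.dst_port, b.dst_port) or a.dst_port == b.dst_port))

def audit(acl):
    """Return (shadowed, redundant) index lists. Shadowed: an earlier entry covers it. Redundant:
    a later same-action entry (or the implicit deny) covers it and no overlapping entry in between
    takes the other action, so deleting it changes no decision (a conservative test)."""
    shadowed, redundant = [], []
    full = acl + [parse_entry("access-list 0 deny ip any any")]
    for j, e in enumerate(acl):
        if any(covers(full[i], e) for i in range(j)):
            shadowed.append(j)
            redundant.append(j)
            continue
        for k in range(j + 1, len(full)):
            if full[k].action != e.action:
                if overlaps(full[k], e):
                    break                  # some packet would now reach a different decision
            elif covers(full[k], e):
                redundant.append(j)
                break
    return shadowed, redundant

# The thread's two entries, the reply's mirrored return entry, the question's un-mirrored version,
# and a constructed telnet reply (proto, src, dst, sport 23 on the server, ephemeral dport).
ACL = [parse_entry(l) for l in (
    "access-list 101 permit tcp 1.2.3.4 0.0.0.255 5.6.7.8 0.0.0.255 eq telnet",
    "access-list 101 permit ip 1.2.3.4 0.0.0.255 any")]
RETURN_ACL = [parse_entry("access-list 102 permit tcp 5.6.7.8 0.0.0.255 eq 23 1.2.3.4 0.0.0.255")]
NOT_MIRRORED = [parse_entry("access-list 102 permit tcp 1.2.3.4 0.0.0.255 eq 23 5.6.7.8 0.0.0.255")]
REPLY = ("tcp", "5.6.7.77", "1.2.3.9", 23, 40123)

if __name__ == "__main__":
    print(audit(ACL))                      # ([], [0]): line 1 is redundant but not shadowed
    print(evaluate(RETURN_ACL, *REPLY))    # ('permit', 0)
    print(evaluate(NOT_MIRRORED, *REPLY))  # ('deny', None): falls through to the implicit deny
```

Two things worth noting when reading the output. First, the `permit tcp` line in the thread is redundant but not shadowed: it still matches telnet first, it just never changes the outcome, which is exactly why it looks pointless next to the `permit ip`. Swap the two lines and the `permit tcp` entry becomes shadowed as well. Second, the mirrored return entry is stateless: it permits any TCP segment sourced from port 23 anywhere in 5.6.7.0/24 towards 1.2.3.0/24, whether or not a session exists, so anyone who can send from port 23 in that range gets through. On IOS the usual tightening for TCP return traffic is the `established` keyword, which restricts the entry to segments with ACK or RST set; it is not modelled here.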