ACL

jonk34567
Level 4

1.# access-list 101 permit tcp 10.1.1.0 0.0.0.255 eq 23 11.1.1.0 0.0.0.255

vs

2.# access-list 101 permit tcp 10.1.1.0 0.0.0.255 11.1.1.0 0.0.0.255 eq 23

Is there any difference between the first and second command?

Accepted Solution

Julio E. Moisa
VIP Alumni

Hi

Yes, there is a difference:

1.# access-list 101 permit tcp 10.1.1.0 0.0.0.255 eq 23 11.1.1.0 0.0.0.255

ACL #1 represents the traffic generated (sourced) by the network 10.1.1.0/24 using port 23 (telnet) as the source port to reach the network 11.1.1.0/24.

2.# access-list 101 permit tcp 10.1.1.0 0.0.0.255 11.1.1.0 0.0.0.255 eq 23

ACL #2 is telling you: allow the network 10.1.1.0/24 (source) to reach the network 11.1.1.0/24 (destination) with port 23 (telnet) as the destination port.

The syntax of an extended ACL is:

access-list <ACL ID> permit/deny <protocol> <source network/host> <wildcard> <source port / range of ports> <destination network/host> <wildcard> <destination port / range of ports>

Usually the computer uses a dynamic port, so you can exclude the source port; the source port is usually used by servers when they are sending a response to a specific source.

Hope it is useful

:-)




>> Mark as helpful or answered if the reply solved the question; this helps future queries from other community members. <<
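As an added example that is not part of the original thread (my own Python, not Cisco's code nor the answerer's): a small evaluator for IOS-style extended ACEs that parses the two commands from the question and runs constructed sample packets through them, so the difference between "eq 23" after the source and "eq 23" after the destination can be seen on actual traffic. The parser, the Packet/Ace models, the port-name table and the helper names are all assumptions made for illustration; it covers only the syntax subset shown here (network/wildcard, host, any, eq, range) plus first-match evaluation with the implicit deny at the end.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Added example (not Cisco code): model an IOS extended numbered ACE and
# evaluate packets against it, to show where a port qualifier applies.

Port = Tuple[int, int]          # inclusive (low, high) port range
Addr = Tuple[str, str]          # (network, wildcard mask)

# A few IOS port keywords; plain numbers are accepted as well (assumed table).
PORT_NAMES = {"telnet": 23, "ssh": 22, "www": 80, "smtp": 25, "domain": 53}


@dataclass(frozen=True)
class Packet:
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass(frozen=True)
class Ace:
    acl_id: str
    action: str                 # "permit" or "deny"
    proto: str                  # "tcp", "udp" or "ip"
    src: Addr
    src_ports: Optional[Port]   # qualifier that follows the SOURCE address
    dst: Addr
    dst_ports: Optional[Port]   # qualifier that follows the DESTINATION address


def _port(tok: str) -> int:
    return PORT_NAMES[tok] if tok in PORT_NAMES else int(tok)


def _addr(toks: List[str], i: int) -> Tuple[Addr, int]:
    # IOS address forms: 'any', 'host A.B.C.D', or '<network> <wildcard>'
    if toks[i] == "any":
        return ("0.0.0.0", "255.255.255.255"), i + 1
    if toks[i] == "host":
        return (toks[i + 1], "0.0.0.0"), i + 2
    return (toks[i], toks[i + 1]), i + 2


def _ports(toks: List[str], i: int) -> Tuple[Optional[Port], int]:
    # Optional 'eq <port>' or 'range <lo> <hi>' directly after an address term
    if i < len(toks) and toks[i] == "eq":
        p = _port(toks[i + 1])
        return (p, p), i + 2
    if i < len(toks) and toks[i] == "range":
        return (_port(toks[i + 1]), _port(toks[i + 2])), i + 3
    return None, i


def parse_ace(line: str) -> Ace:
    """Parse: access-list <id> permit|deny <proto> <src> [ports] <dst> [ports]"""
    toks = line.split()
    if toks[0] != "access-list":
        raise ValueError("not an access-list command: " + line)
    acl_id, action, proto = toks[1], toks[2], toks[3]
    if action not in ("permit", "deny"):
        raise ValueError("expected permit/deny, got " + action)
    src, i = _addr(toks, 4)
    src_ports, i = _ports(toks, i)      # a port here is a source port
    dst, i = _addr(toks, i)
    dst_ports, i = _ports(toks, i)      # a port here is a destination port
    if i != len(toks):
        raise ValueError("unparsed tokens: " + " ".join(toks[i:]))
    return Ace(acl_id, action, proto, src, src_ports, dst, dst_ports)


def wildcard_match(ip: str, addr: Addr) -> bool:
    # Wildcard bits set to 1 are "don't care"; only the 0 bits must be equal.
    network, wildcard = addr
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(ip)) & care) == (int(ipaddress.IPv4Address(network)) & care)


def _port_match(port: int, rng: Optional[Port]) -> bool:
    return rng is None or rng[0] <= port <= rng[1]


def ace_matches(ace: Ace, pkt: Packet) -> bool:
    return (ace.proto in ("ip", pkt.proto)
            and wildcard_match(pkt.src_ip, ace.src)
            and wildcard_match(pkt.dst_ip, ace.dst)
            and _port_match(pkt.src_port, ace.src_ports)
            and _port_match(pkt.dst_port, ace.dst_ports))


def evaluate(acl: List[Ace], pkt: Packet) -> str:
    # First matching entry wins; every ACL ends with an implicit deny.
    for ace in acl:
        if ace_matches(ace, pkt):
            return ace.action
    return "deny"


# The two commands from the question, without the '1.#' / '2.#' prompt prefixes.
ACL_1 = [parse_ace("access-list 101 permit tcp 10.1.1.0 0.0.0.255 eq 23 11.1.1.0 0.0.0.255")]
ACL_2 = [parse_ace("access-list 101 permit tcp 10.1.1.0 0.0.0.255 11.1.1.0 0.0.0.255 eq 23")]

# Constructed sample traffic: a client in 10.1.1.0/24 opening telnet to a host in
# 11.1.1.0/24, and a telnet server in 10.1.1.0/24 answering a client in 11.1.1.0/24.
CLIENT_TO_SERVER = Packet("tcp", "10.1.1.5", 50000, "11.1.1.10", 23)
SERVER_REPLY = Packet("tcp", "10.1.1.10", 23, "11.1.1.5", 50000)


def compare() -> dict:
    return {
        "acl1": {"client_to_server": evaluate(ACL_1, CLIENT_TO_SERVER),
                 "server_reply": evaluate(ACL_1, SERVER_REPLY)},
        "acl2": {"client_to_server": evaluate(ACL_2, CLIENT_TO_SERVER),
                 "server_reply": evaluate(ACL_2, SERVER_REPLY)},
    }


if __name__ == "__main__":
    for name, result in compare().items():
        print(name, result)
```

Running it shows ACL #1 permitting only the server's reply (source port 23) and denying the client's connection attempt, while ACL #2 does the opposite. When reviewing an ACL meant to control who may reach a telnet service, the destination-port form is the one to look for: the source port is chosen by the sender, so a rule keyed only on it constrains the peer's service, not the traffic initiator.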
