In IOS XR access list. Which packets will be permitted ?

ปลาวาฬทราย RMUTT CPE IX · ‎02-13-2013

Refer to the command:

ipv4 access-list FILTER 10 permit tcp any 192.168.15.32 0.0.0.15 eq www 20 deny ipv4 any 192.168.15.32 0.0.0.15 30 permit ipv4 any any

The access list has been configured on the Gi0/0/0/0 interface in the inbound direction. Which packets that are sourced from 10.1.1.1 TCP port 1060, if they are routed to the Gi0/0/0/0 interface, will be permitted?

A. destination IP address: 192.168.15.49, destination TCP port: 80

B. destination IP address: 192.168.15.49, destination TCP port: 8080

C. destination IP address: 192.168.15.46, destination TCP port: 80

D. destination IP address: 192.168.15.41, destination TCP port: 8080

E. destination IP address: 192.168.15.36, destination TCP port: 80

F. destination IP address: 192.168.15.37, destination TCP port: 8080

What is it same in the IOS ? If it do follow to sequence. In sequence 30 permit source any destination any. I thought all choice are permitted. What do you think

Thank you very much.

Pablo Vicencio · ‎02-27-2013

The ACL are evaluated line to line until hit some sentence, so in your ACL.

10. All traffic coming from any source with destination 192.168.15.32 through 47 and TCP port 80 will be permitted.

20. Al traffic from any source and going to destination 192.168.15.32 through 47 and port not 80 will be denied.

30. Any other traffic, with destination different that 192.168.15.32/29 will be permitted.

besides of that, same behavior could be reached with two lines:

ipv4 access-list FILTER 10 deny ipv4 any 192.168.15.32 0.0.0.15 20 permit ipv4 any any

PVD.