From: Jay Hennigan (jay@xxxxxxxx)
Date: Thu Nov 09 2000 - 16:40:31 GMT-3
On Thu, 9 Nov 2000 sgupta22@csc.com wrote:
> Hi team,
> can any one shed some light on these two in terms of response time?
>
> 1. access-list 101 permit tcp host 172.16.1.1 host 192.168.10.1 gt 1800
> access-list 101 deny tcp host 172.16.1.1 host 192.168.10.1 gt 1900
This will probably not do what you want. If the destination port is, for
example, 1901, it will match the first line and be permitted. Line 2 won't
come into play unless line 1 is *not* matched. You probably want to swap the
order of these lines.
> 2. access-list 101 permit tcp host 172.16.1.1 host 192.168.10.1 range 1800
> 1900
This will allow port 1800. The first example would not. Make sure if
you want 1800 included or excluded. In other words, should the first
example be "gt 1799" or should the second be "range 1801..."?
Now, to answer your question, it probably doesn't make any real difference.
The command parser that converts the IOS syntax into machine code will
probably treat them the same. In theory, the "range" command form would
be slightly faster.
-- Jay Hennigan - Network Administration - jay@west.net NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:25:43 GMT-3