Re: access-list help

From: Tarun (tarun.ccie@gmail.com)
Date: Wed Apr 16 2008 - 10:26:52 ART

• Next message: Rik Guyler: "RE: OSPF network"
• Previous message: Ronnie Angello: "Re: OSPF network"
• Maybe in reply to: raul raul: "access-list help"
• Next in thread: Rik Guyler: "RE: access-list help"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

*access-list 101 permit tcp any any eq telnet* - This statement means it
will match any source IP, any source port, any destination ip, but only the
destination port 23, In other words this would match traffic comoing from
anyone going to anyone, until its taking a destination port as 23.

*access-list 101 permit tcp any eq telnet any eq telnet -* This statement
means it will match telnet traffic from anyone to any one but both the
source & destination ports should be equal to 23, that is the source device
& destination device's should both be using port 23 for communication.

Obviously since the first statement matches all the source ports including
port 23, the second statement woudl never get a hit on it & would not be
used.

So access-list 101 is as good as 102 in your case.

Pass the CCIE in six weeks, Guaranteed!
http://www.certscience.com/CCIE

• Next message: Rik Guyler: "RE: OSPF network"
• Previous message: Ronnie Angello: "Re: OSPF network"
• Maybe in reply to: raul raul: "access-list help"
• Next in thread: Rik Guyler: "RE: access-list help"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu May 01 2008 - 08:25:51 ART