RE: ip access-list

From: gary braver (gbraver@xxxxxxxxx)
Date: Wed Jun 26 2002 - 20:00:38 GMT-3

• Next message: Jason Sinclair: "RE: ip access-list"
• Previous message: Ahmed Al-Ghawas: "Re: how to swap the lab date via cisco?"
• Maybe in reply to: Danny.Wang@xxxxxxxxxxxxxx: "ip access-list"
• Next in thread: Jason Sinclair: "RE: ip access-list"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
Still a little confused about this.

to simplify lets change the specifc destination host to any. So what is the
difference???
access-list 101 permit tcp any eq domain any
this permits any connection originating from tcp port 53 to access any host
???

access-list 101 permit tcp any any eq domain
this permits any connection originating from any host via tcp to any host on
tcp port 53 ???

thanks

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
Jason Sinclair
Sent: Wednesday, June 26, 2002 12:30 AM
To: 'Danny.Wang@alderwoods.com'; ccielab@groupstudy.com
Subject: RE: ip access-list

Danny,

Let's break them down:

access-list 101 permit tcp any eq domain host 205.12.54.254
this permits any connection originating from tcp port 53 to access the host
205.12.54.254 on any tcp port
access-list 101 permit tcp any host 205.12.54.254 eq domain
this permits any connection originating from any host via tcp to the host
205.12.54.254 on tcp port 53

access-list 102 permit tcp any any eq www established
this permits any host access to any other host on port 80 as long as the ACK
or RST bit is set
access-list 102 permit tcp any eq www any established
this permits any source address wit a source port of 80 to connect to
anything and any port as long as the ACK or RST bit is set

access-list 100 permit udp any eq domain host 209.54.12.254
access-list 100 permit udp any eq domain host 209.54.12.254 eq domain
Same as the first pair except UDP ports.
Cheers,

Jason Sinclair CCIE #9100
Manager, Network Control Centre
POWERTEL
55 Clarence Street,
SYDNEY NSW 2000
AUSTRALIA
office: + 61 2 8264 3820
mobile: + 61 416 105 858
email: sinclairj@powertel.com.au

 -----Original Message-----
From: Danny.Wang@alderwoods.com [mailto:Danny.Wang@alderwoods.com]
Sent: Wednesday, 26 June 2002 13:47
To: ccielab@groupstudy.com
Subject: ip access-list

Could anyone explain a little bit the following access list pair if there's
any difference?

access-list 101 permit tcp any eq domain host 205.12.54.254
access-list 101 permit tcp any host 205.12.54.254 eq domain

access-list 102 permit tcp any any eq www established
access-list 102 permit tcp any eq www any established

access-list 100 permit udp any eq domain host 209.54.12.254
access-list 100 permit udp any eq domain host 209.54.12.254 eq domain

• Next message: Jason Sinclair: "RE: ip access-list"
• Previous message: Ahmed Al-Ghawas: "Re: how to swap the lab date via cisco?"
• Maybe in reply to: Danny.Wang@xxxxxxxxxxxxxx: "ip access-list"
• Next in thread: Jason Sinclair: "RE: ip access-list"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue Jul 02 2002 - 08:12:42 GMT-3