RE: ACL for telneting to a specific port

From: Tony Schaffran (groupstudy@cconlinelabs.com)
Date: Tue Oct 26 2004 - 20:08:48 GMT-3


Did you get my replies this morning?

I do not see that they got posted.

Tony Schaffran
Network Analyst
CCIE #11071
CCNP, CCNA, CCDA,
NNCDS, NNCSS, CNE, MCSE
 
www.cconlinelabs.com
Your #1 choice for online Cisco rack rentals.
 

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
ccie2be
Sent: Tuesday, October 26, 2004 4:27 AM
To: Group Study
Subject: ACL for telneting to a specific port

Hi guys,

I want to create an acl which allows only telnets to port 3023.

In the example I just saw yesterday, this required two lines as follows:

access-list 100 permit tcp any any eq telnet
access-list 100 permit tcp any any eq 3023

I tried this out and it works. But, if I use either entry by itself, it
doesn't work. It also doesn't work if the entries are in the reverse order,
i.e. the eq 3023 entry comes before the eq telnet entry.

This example seems to break the rules of acl processing which I thought I
knew - each entry is evaluated from top to bottom INDEPENDENTLY. If an entry
permits the packet, stop processing the acl. If an entry denies the packet,
stop processing. If a packet doesn't match an entry, go to the next entry
and repeat.

Is the above acl an exception to the logic of acl processing as I understand
it or am I missing something?

Thanks, Tim
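The first-match processing model Tim describes, as an added Python example that is not part of this thread: it parses the two access-list lines from his post and evaluates constructed TCP packets against them in both the original and the reversed order, ending with the implicit deny every IOS extended ACL carries. The parser only understands the "access-list N permit|deny proto any any [eq port]" form used in the post; that limitation, the small port-name table, and the sample packets are assumptions made for this example.

```python
# Added example (not from the GroupStudy thread): a minimal first-match
# evaluator for Cisco-style extended ACL entries of the form used in the post:
#   access-list <n> permit|deny tcp any any eq <port|name>
# It implements the processing model described in the post: entries are
# checked top to bottom, the first matching entry decides the verdict, and
# an extended ACL ends with an implicit deny.
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Small subset of the well-known names IOS accepts in place of a port number.
PORT_NAMES = {"telnet": 23, "ssh": 22, "www": 80, "ftp": 21}

ENTRY_RE = re.compile(
    r"^access-list\s+(?P<num>\d+)\s+(?P<action>permit|deny)\s+(?P<proto>tcp|udp|ip)"
    r"\s+(?P<src>\S+)\s+(?P<dst>\S+)(?:\s+eq\s+(?P<port>\S+))?$"
)


@dataclass
class Entry:
    action: str
    proto: str
    src: str
    dst: str
    port: Optional[int]  # None means "any destination port"


def parse_port(token: str) -> int:
    """Map an IOS port name or numeric string to a port number."""
    return PORT_NAMES[token] if token in PORT_NAMES else int(token)


def parse_acl(text: str) -> List[Entry]:
    """Parse one access-list line per row; unsupported syntax is an error."""
    entries = []
    for line in text.strip().splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            raise ValueError(f"unsupported ACL syntax: {line!r}")
        port = parse_port(m["port"]) if m["port"] else None
        entries.append(Entry(m["action"], m["proto"], m["src"], m["dst"], port))
    return entries


def matches(e: Entry, proto: str, dst_port: int) -> bool:
    """True if the entry matches a packet with the given protocol and port."""
    if e.proto != "ip" and e.proto != proto:
        return False
    # Only the 'any any' source/destination form from the post is handled here.
    if e.src != "any" or e.dst != "any":
        raise ValueError("only 'any any' source/destination is supported")
    return e.port is None or e.port == dst_port


def evaluate(acl: List[Entry], proto: str, dst_port: int) -> str:
    """Return 'permit' or 'deny' for a packet; the first matching entry wins."""
    for e in acl:
        if matches(e, proto, dst_port):
            return e.action
    return "deny"  # implicit deny at the end of every IOS ACL


# The two lines quoted in the post.
ACL_TEXT = """
access-list 100 permit tcp any any eq telnet
access-list 100 permit tcp any any eq 3023
"""


def demo() -> Dict[int, Tuple[str, str]]:
    """Evaluate constructed packets in the original and reversed entry order."""
    acl = parse_acl(ACL_TEXT)
    reversed_acl = list(reversed(acl))
    results = {}
    for port in (23, 3023, 80):  # constructed sample destination ports
        results[port] = (evaluate(acl, "tcp", port), evaluate(reversed_acl, "tcp", port))
    return results


if __name__ == "__main__":
    for port, (fwd, rev) in demo().items():
        print(f"tcp/{port}: original order -> {fwd}, reversed order -> {rev}")
```

Under this model the two entries never match the same packet, so swapping them does not change any verdict; that is exactly the expectation Tim is measuring the router against. The model also makes the implicit deny visible: a packet to tcp/80, or any UDP packet, falls off the end of the list and is dropped.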



This archive was generated by hypermail 2.1.4 : Sat Nov 06 2004 - 17:11:53 GMT-3