From: Rik Guyler (rik@guyler.net)
Date: Wed Apr 16 2008 - 10:38:03 ART
Access list 102 only allows traffic to the telnet destination port. It will
allow any host to use any source port to connect to any host "listening" on
port 23. This is what you might consider to be "normal" TCP connectivity as
typically TCP selects a random port in the high range to use as the source
port.
Access list 101, in addition to this line, also allows traffic that is
sourced specifically from TCP port 23 and destined to TCP port 23. While this is
allowed and may even be necessary if the source port is configured to be a
static value on the source host (telnet client), the second line is
redundant since the first line will allow this traffic anyway. When you
don't specify a port (either source or destination) with the "eq" option, all
ports are allowed. In other words, functionally, the ACLs are the same.
Rik
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of raul raul
Sent: Wednesday, April 16, 2008 9:19 AM
To: ccielab@groupstudy.com
Subject: access-list help
Hi GS,
I need an explanation, please:
What is the difference between access-list 101 and 102?
access-list 101 permit tcp any any eq telnet
access-list 101 permit tcp any eq telnet any eq telnet
int serial 1/0
ip access-group 101 in
ip access-group 101 out
---------------------------------------------------------
access-list 102 permit tcp any any eq telnet
int serial 1/0
ip access-group 102 in
ip access-group 102 out
Thanks
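To check the point made in the reply above, here is an added example (not from the thread, and not Cisco's implementation): a toy matcher for the two ACLs as quoted, evaluated over a few constructed source/destination port pairs. The flow list, the PORT_NAMES table and the helper names are assumptions of this example; the regex only understands the "any [eq P] any [eq P]" syntax the thread uses.

```python
import re

# Toy matcher for the extended-ACL syntax used in this thread (added example,
# not Cisco's implementation). Only "access-list N permit|deny tcp any [eq P]
# any [eq P]" is understood; "eq" names are limited to the ones defined here.
PORT_NAMES = {"telnet": 23}
ACE_RE = re.compile(
    r"^access-list\s+(\d+)\s+(permit|deny)\s+tcp\s+"
    r"any(?:\s+eq\s+(\S+))?\s+any(?:\s+eq\s+(\S+))?$")

def port_value(tok):
    """'telnet' or '23' -> 23; None (no 'eq' clause) means any port."""
    if tok is None:
        return None
    return int(tok) if tok.isdigit() else PORT_NAMES[tok]

def parse_acl(text):
    """Return a list of (action, src_port, dst_port) entries, in order."""
    entries = []
    for line in text.strip().splitlines():
        m = ACE_RE.match(line.strip())
        if not m:
            raise ValueError("unsupported ACE: " + line)
        _, action, sport, dport = m.groups()
        entries.append((action, port_value(sport), port_value(dport)))
    return entries

def evaluate(acl, src_port, dst_port):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, sport, dport in acl:
        if (sport is None or sport == src_port) and (dport is None or dport == dst_port):
            return action
    return "deny"

def decisions(acl, flows):
    """Map each (src_port, dst_port) flow to the ACL's verdict."""
    return {flow: evaluate(acl, *flow) for flow in flows}

ACL_101 = parse_acl("""
access-list 101 permit tcp any any eq telnet
access-list 101 permit tcp any eq telnet any eq telnet
""")
ACL_102 = parse_acl("access-list 102 permit tcp any any eq telnet")

# Constructed (src_port, dst_port) flows: a normal client, a client with a
# static source port 23, a telnet server's reply, and two non-telnet flows.
FLOWS = [(45123, 23), (23, 23), (23, 45123), (45123, 80), (23, 80)]

if __name__ == "__main__":
    for flow in FLOWS:
        print(flow, evaluate(ACL_101, *flow), evaluate(ACL_102, *flow))
    print("equivalent:", decisions(ACL_101, FLOWS) == decisions(ACL_102, FLOWS))
```

Both ACLs give the same verdict on every flow, including the source-port-23 case the second line of 101 was written for; note that the server's reply (source 23, destination high port) is denied by both, since neither list permits it.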
This archive was generated by hypermail 2.1.4 : Thu May 01 2008 - 08:25:51 ART