From: Jason Madsen (madsen.jason@gmail.com)
Date: Tue Aug 05 2008 - 00:38:21 ART
John, in addition to what Scott stated, typical ports that most people are
familiar with, e.g. http 80, ssh 22 etc., are typically the port on the server
/ destination device, and the user's port is typically a random number port
above 1023. So if your user is trying to ssh to a router, the router
(destination IP) would have the eq ssh used and the user's port wouldn't
necessarily have to be specified. This rule isn't all inclusive, but it's
pretty standard.
If you are using a Windows computer, try doing some connections to various
devices / services and do various netstats to view ports used. Many well
known ports used may have words displayed, rather than numbers. Use netstat
-n for their numeric values. Maybe try some web, telnet, ssh, ftp type
connections and see what you come up with. On a router maybe try a "permit
ip any any log" ACL and see what feedback you get after doing some
connections.
Jason
On Mon, Aug 4, 2008 at 9:00 PM, Scott Strobeck <scott@strobeck.net> wrote:
> John,
>
>
> If it follows the source IP address, then it'll match the source port. If
> it follows the destination IP address, then it'll match the dest port.
> Remember, also, specifying IP (as in 'permit ip . .. ') doesn't specify a
> transport protocol so there are no ports.
>
> Try googling "cisco access list". I'm sure you'll get some good
> explanations.
>
> Scott
>
>
> John wrote:
>
>> Every time I think I have a clue about where to put eq in an acl, I get
>> my ass handed to me. I'm looking for an explanation on how to use this
>> command properly. I can't seem to find an explanation that makes sense
>> to me. For some reason I just don't get it. Any links would be greatly
>> appreciated.
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>>
This archive was generated by hypermail 2.1.4 : Mon Sep 01 2008 - 08:15:29 ART
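The placement rule discussed in this thread (an `eq` directly after the source address tests the source port, an `eq` after the destination address tests the destination port, and `ip` entries carry no ports) can be checked with a small matcher. This is an added example, not part of the original messages: it parses only a simplified subset of the extended ACL entry syntax, writes the SSH port as `eq 22`, and the function names, addresses and sample packets are constructed for illustration.

```python
import ipaddress

NAMED = {"ftp": 21, "telnet": 23, "www": 80}  # a few port keywords; others given as numbers

def _addr(tok):
    """Consume 'any', 'host A' or 'A WILDCARD'; return a predicate on an IP string."""
    first = tok.pop(0)
    if first == "any":
        return lambda ip: True
    if first == "host":
        first, wild = tok.pop(0), 0
    else:
        wild = int(ipaddress.ip_address(tok.pop(0)))
    base = int(ipaddress.ip_address(first)) | wild
    return lambda ip: (int(ipaddress.ip_address(ip)) | wild) == base

def _port(tok, proto):
    """Consume an optional 'eq PORT' bound to the address that was just parsed."""
    if not tok or tok[0] != "eq":
        return None
    if proto not in ("tcp", "udp"):
        raise ValueError("'eq' needs tcp or udp: 'ip' names no transport, so no ports")
    tok.pop(0)
    name = tok.pop(0)
    return NAMED[name] if name in NAMED else int(name)

def parse_ace(line):
    """Parse 'ACTION PROTO SRC [eq P] DST [eq P]'; trailing words such as 'log' are ignored."""
    tok = line.split()
    ace = {"action": tok.pop(0), "proto": tok.pop(0)}
    ace["src"], ace["sport"] = _addr(tok), _port(tok, ace["proto"])
    ace["dst"], ace["dport"] = _addr(tok), _port(tok, ace["proto"])
    return ace

def matches(ace, pkt):
    """True when the packet tuple satisfies every field the entry specifies."""
    proto, sip, sport, dip, dport = pkt
    return (ace["proto"] in ("ip", proto) and ace["src"](sip) and ace["dst"](dip)
            and ace["sport"] in (None, sport) and ace["dport"] in (None, dport))

# Constructed packets: (proto, src ip, src port, dst ip, dst port)
SSH_TO_ROUTER = ("tcp", "192.0.2.10", 51515, "10.0.0.1", 22)
ROUTER_REPLY = ("tcp", "10.0.0.1", 22, "192.0.2.10", 51515)

if __name__ == "__main__":
    for line in ("permit tcp any host 10.0.0.1 eq 22",   # eq after destination
                 "permit tcp any eq 22 host 10.0.0.1",   # eq after source
                 "permit tcp host 10.0.0.1 eq 22 any",   # return traffic
                 "permit ip any any log"):
        ace = parse_ace(line)
        print(f"{line:36} to-router={matches(ace, SSH_TO_ROUTER)} "
              f"reply={matches(ace, ROUTER_REPLY)}")
```

The second entry is the common mistake: with `eq 22` after the source, the client's packet is tested on its random high source port and does not match.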