Re: Extended ACL rule..

From: michael haynes <mghaynes_at_gmail.com>
Date: Thu, 9 Jul 2009 01:06:39 -0400

It's probably a good idea to take a look at a unix services file to get an
idea of many commonly used ports. A lot of protocols have entries for both
TCP and UDP. DNS is interesting because typically UDP is used for lookups
while TCP is used for DNS Zone Transfers. Since you can only specify a port
number with a transport protocol, you have to have two separate access list
lines for TCP and UDP.

Sorry if this seems kind of a basic explanation, but I hope your confusion
is cleared up.

Michael

On Wed, Jul 8, 2009 at 9:21 PM, Joe Astorino <jastorino_at_ipexpert.com> wrote:

> You need to explicitly permit udp as well, or just permit ip and it will
> permit anything ip regardless of L4
>
>
> ------Original Message------
> From: Jitendra Anbu
> Sender: nobody_at_groupstudy.com
> To: CCIE Groupstudy
> ReplyTo: Jitendra Anbu
> Subject: Extended ACL rule..
> Sent: Jul 8, 2009 9:12 PM
>
> Hi all,
>
> I have a question regarding extended ACLs
>
> If I permit say TCP port 53 on an extended ACL, will it automatically enable
> UDP port 53? Or do I need to create a separate ACL for UDP?
>
> Thanks,
>
> Jit
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> Regards,
>
> Joe Astorino
> CCIE #24347 (R&S)
> Sr. Support Engineer IPexpert, Inc.
> URL: http://www.IPexpert.com
>

Received on Thu Jul 09 2009 - 01:06:39 ART
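
Added example (not part of the original thread, and not IOS code): a simplified Python model of extended-ACL matching that shows the behaviour discussed above. A tcp entry for port 53 does not match UDP port 53, two entries cover both, and "permit ip" matches regardless of L4. The entry syntax it accepts ("<permit|deny> <ip|tcp|udp> any any [eq <port>]"), the function names and the sample ACLs are assumptions made for illustration.

```python
# Simplified model of extended-ACL matching (added example, not IOS code).
# Assumed entry form: "<permit|deny> <ip|tcp|udp> any any [eq <port>]"

def parse_acl(text):
    """Turn ACL lines into (action, protocol, port-or-None) tuples."""
    entries = []
    for line in text.strip().splitlines():
        tok = line.split()
        if not tok:
            continue
        action, proto = tok[0], tok[1]
        if action not in ("permit", "deny") or proto not in ("ip", "tcp", "udp"):
            raise ValueError(f"unsupported entry: {line!r}")
        port = None
        if "eq" in tok:
            # A port only has meaning together with a transport protocol.
            if proto == "ip":
                raise ValueError("a port needs tcp or udp, not ip")
            port = int(tok[tok.index("eq") + 1])
        entries.append((action, proto, port))
    return entries

def evaluate(entries, proto, dport):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, e_proto, e_port in entries:
        proto_ok = e_proto == "ip" or e_proto == proto
        port_ok = e_port is None or e_port == dport
        if proto_ok and port_ok:
            return action
    return "deny"

# Constructed sample ACLs
TCP_ONLY = parse_acl("permit tcp any any eq 53")
BOTH = parse_acl("""
permit tcp any any eq 53
permit udp any any eq 53
""")
ANY_IP = parse_acl("permit ip any any")

if __name__ == "__main__":
    for name, acl in (("tcp only", TCP_ONLY), ("tcp+udp", BOTH), ("permit ip", ANY_IP)):
        print(name, {p: evaluate(acl, p, 53) for p in ("tcp", "udp")})
```
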

This archive was generated by hypermail 2.2.0 : Sat Aug 01 2009 - 13:10:22 ART