  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 420

ACL question

Quick question, can someone shed a little light on this one? What is the difference in the 2 ACL entries, and are both of those entries needed? (IPs changed)

access-list 100 permit tcp any 192.168.0.0 0.0.255.255 gt 1023
access-list 100 permit ip any 192.168.0.0 0.0.0.255
0
Jelonet
Asked:
2 Solutions
 
pseudocyber Commented:
The first one will permit any tcp traffic from 192.168.0.0/16 greater than port 1023 (high numbered ports).
The bottom one will permit any IP traffic from 192.168.0.0/24

Note, the two are different networks because of the masks.
0
 
localhost Commented:
> access-list 100 permit tcp any 192.168.0.0 0.0.255.255 gt 1023

Basically, this ACL entry permits only TCP connections with a port greater than 1023. Your wildcard mask entry of 0.0.255.255 means you permit network 192.168.* to match this ACL and hence, the packet will be accepted. For example:

IP: 192.168.x.x will be allowed to use any tcp applications with port greater than 1023

> access-list 100 permit ip any 192.168.0.0 0.0.0.255

Whereas for this ACL entry, it means you only permit network 192.168.0.x to access the network. For example:

IP: 192.168.0.1 - 192.168.0.255 will be allowed to access the network

but anything out of the network 192.168.0.x will not be allowed to access the network due to your wildcard mask 0.0.0.255 (which only checks the last octet of the IP address).

However, note that there is an implicit deny statement at the end of the access-list table.

Hope this helps :)
0
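An added example, not part of the original thread: a small Python model of the two entries from the question, showing how the wildcard masks, the `gt 1023` test and the implicit deny combine under first-match evaluation. It assumes the standard extended-ACL reading (source `any`, then destination address and wildcard, with `gt 1023` applied to the destination port); the function names and the sample packets are constructed for illustration.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard mask: 0 bits must match the base, 1 bits are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

# The two entries from the question, in order. The source is "any" in both,
# so the source address is not modelled.
ACL_100 = [
    {"proto": "tcp", "dst": "192.168.0.0", "wc": "0.0.255.255", "gt": 1023},
    {"proto": "ip",  "dst": "192.168.0.0", "wc": "0.0.0.255",   "gt": None},
]

def evaluate(proto, dst, dport=None):
    """Return (action, matching entry number or None); first match wins."""
    for number, entry in enumerate(ACL_100, start=1):
        # "ip" matches every IP protocol; otherwise the protocol must be equal.
        if entry["proto"] not in ("ip", proto):
            continue
        if not wildcard_match(dst, entry["dst"], entry["wc"]):
            continue
        if entry["gt"] is not None and (dport is None or dport <= entry["gt"]):
            continue
        return ("permit", number)
    return ("deny", None)  # implicit deny at the end of every ACL

if __name__ == "__main__":
    # Constructed sample packets: (protocol, destination, destination port)
    samples = [
        ("tcp", "192.168.5.10", 8080),  # high port anywhere in 192.168.x.x
        ("tcp", "192.168.5.10", 80),    # low port outside 192.168.0.x
        ("tcp", "192.168.0.10", 80),    # low port inside 192.168.0.x
        ("udp", "192.168.0.10", 53),    # non-TCP inside 192.168.0.x
        ("udp", "192.168.5.10", 53),    # non-TCP outside 192.168.0.x
    ]
    for proto, dst, dport in samples:
        print(proto, dst, dport, "->", evaluate(proto, dst, dport))
```

Each entry permits traffic the other does not (high-port TCP across 192.168.x.x versus all IP traffic to 192.168.0.x), and anything matching neither falls through to the implicit deny.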
 
Jelonet Author Commented:
Thank you for clearing that up.
0
 
pseudocyber Commented:
You're welcome. :)
0
 
pseudocyber Commented:
:(
0
 
localhost Commented:
No problem. Glad to be of assistance :)
0
