Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Understanding access list entries cisco 2811

Posted on 2006-10-30
4
781 Views
Last Modified: 2013-11-29
Hi all
I need to understand the purpose and function of these entries in my router 2811 cisco:
Please explain each line and what it is doing in my router:


access-list 101 permit tcp host 132.xxx.xxx.xxx any eq 123
access-list 101 permit tcp host 209.xx.xxx.xx any eq 123
access-list 101 permit tcp host 66.xxx.xxx.xxx host 64.xxx.xx.xx eq telnet
access-list 101 permit tcp host 64.xxx.xxx.xxxx host 64.xxx.xx.xx eq telnet
access-list 101 permit udp host 216.xxx.x.x eq domain host 64.xxx.xx.xx
access-list 101 permit udp host 216.xxx.xx.xx eq domain host 64.xxx.xx.xx

Thanks
0
Comment
Question by:amanzoor
  • 2
4 Comments
 
LVL 5

Accepted Solution

by:
risner_it earned 250 total points
ID: 17839171
this pdf explain in great detail but i will explain one of your for you...http://i.cmpnet.com/nc/907/graphics/access.pdf

access-list 101 permit tcp host 132.xxx.xxx.xxx any eq 123

this is an access-list name 101 that permits tcp host 132.x.x.x to any ip on port 123
0
 
LVL 4

Author Comment

by:amanzoor
ID: 17839292
risner_it:
Thanks for the pdf file really useful, but a beginner like me needs to know what the actual lines are doing in my case;
-Please explain what is port 123 stands for and what is it doing, it is my concern as ip address 132.xxx.xxx.xxx is not from our domain.
-Please explain what is port 123 stands for and what is it doing, it is my concern as ip address 209.xx.xxx.xxx is not from our domain.
-The two telnets I am sure they belong to our isp, which can access the router in case of emergency change.
-Again what are the last two lines, please note that the 64.xxx.xx.xx is our routers external address.
Help
0
 
LVL 9

Assisted Solution

by:jasonr0025
jasonr0025 earned 250 total points
ID: 17839576
udp port 123 is generally used for NTP "Network time Protocol"-but your access list is stating tcp 123?
A link to general port use of 123 http://www.auditmypc.com/port/udp-port-123.asp
Now for the last two lines "domain" represents dns traffic.  I would have expected to see tcp in that line instead of udp--kinda backwards with the top two's tcp

0
 
LVL 9

Expert Comment

by:jasonr0025
ID: 17839589
the 216.x.x.x addresses in the last 2 lines are probobly dns servers--I should have added this to the above
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Let’s list some of the technologies that enable smooth teleworking. 
Don’t let your business fall victim to the coming apocalypse – use our Survival Guide for the Fax Apocalypse to identify the risks and signs of zombie fax activities at your business.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question