Solved

Understanding access list entries cisco 2811

Posted on 2006-10-30
4
769 Views
Last Modified: 2013-11-29
Hi all
I need to understand the purpose and function of these entries in my router 2811 cisco:
Please explain each line and what it is doing in my router:


access-list 101 permit tcp host 132.xxx.xxx.xxx any eq 123
access-list 101 permit tcp host 209.xx.xxx.xx any eq 123
access-list 101 permit tcp host 66.xxx.xxx.xxx host 64.xxx.xx.xx eq telnet
access-list 101 permit tcp host 64.xxx.xxx.xxxx host 64.xxx.xx.xx eq telnet
access-list 101 permit udp host 216.xxx.x.x eq domain host 64.xxx.xx.xx
access-list 101 permit udp host 216.xxx.xx.xx eq domain host 64.xxx.xx.xx

Thanks
0
Comment
Question by:amanzoor
  • 2
4 Comments
 
LVL 5

Accepted Solution

by:
risner_it earned 250 total points
ID: 17839171
this pdf explain in great detail but i will explain one of your for you...http://i.cmpnet.com/nc/907/graphics/access.pdf

access-list 101 permit tcp host 132.xxx.xxx.xxx any eq 123

this is an access-list name 101 that permits tcp host 132.x.x.x to any ip on port 123
0
 
LVL 4

Author Comment

by:amanzoor
ID: 17839292
risner_it:
Thanks for the pdf file really useful, but a beginner like me needs to know what the actual lines are doing in my case;
-Please explain what is port 123 stands for and what is it doing, it is my concern as ip address 132.xxx.xxx.xxx is not from our domain.
-Please explain what is port 123 stands for and what is it doing, it is my concern as ip address 209.xx.xxx.xxx is not from our domain.
-The two telnets I am sure they belong to our isp, which can access the router in case of emergency change.
-Again what are the last two lines, please note that the 64.xxx.xx.xx is our routers external address.
Help
0
 
LVL 9

Assisted Solution

by:jasonr0025
jasonr0025 earned 250 total points
ID: 17839576
udp port 123 is generally used for NTP "Network time Protocol"-but your access list is stating tcp 123?
A link to general port use of 123 http://www.auditmypc.com/port/udp-port-123.asp
Now for the last two lines "domain" represents dns traffic.  I would have expected to see tcp in that line instead of udp--kinda backwards with the top two's tcp

0
 
LVL 9

Expert Comment

by:jasonr0025
ID: 17839589
the 216.x.x.x addresses in the last 2 lines are probobly dns servers--I should have added this to the above
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

#Citrix #Citrix Netscaler #HTTP Compression #Load Balance
If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now