  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 585

Cisco--Access List

I need to understand what this access list will do:
1-Access list 100 deny TCP any any eq 179
2-Access list 100 permit TCP any eq 179 any
3-Access list 100 permit IP any any.

If I understand the meaning correctly (and please correct me if I am wrong):
1- Will deny TCP traffic from any source port 179 to any destination port 179
2- will permit TCP traffic from any source port 179 to any destination port
3-Will permit any IP traffic from any IP source to any IP destination
Asked by jskfan

2 Solutions
smckeown777 commented:
Not 100% correct...

1) Will deny TCP traffic from ANY source (host and port) to any destination port 179
2) Yes
3) Yes

Nimada commented:
These commands are for Extended Access List:
Extended ACLs control traffic by the comparison of the source and destination addresses of the IP packets to the addresses configured in the ACL.

The command syntax format of extended ACLs (lines are wrapped here for spacing considerations):

TCP
access-list access-list-number
     [dynamic dynamic-name [timeout minutes]]
     {deny|permit} tcp source source-wildcard [operator [port]]
     destination destination-wildcard [operator [port]]
     [established] [precedence precedence] [tos tos]
     [log|log-input] [time-range time-range-name]

IP
access-list access-list-number
     [dynamic dynamic-name [timeout minutes]]
     {deny|permit} protocol source source-wildcard
     destination destination-wildcard [precedence precedence]
     [tos tos] [log|log-input] [time-range time-range-name]


1-Access list 100 deny TCP any any eq 179
2-Access list 100 permit TCP any eq 179 any
3-Access list 100 permit IP any any.
So each line means:
1- any TCP traffic heading for port 179 will be denied (whatever the source host, the source port or the destination host)
2- allow BGP from any source with TCP port 179 to any destination with any TCP port number.
3- Yes.

The whole ACL is for:
Just to allow connections from source TCP port 179 (BGP) to any other TCP port, and it allows all the IP traffic.
jskfan (Author) commented:
Bullets 1 and 2 look contradictory. Does it mean bullet 2 overrides bullet 1?

In general, does it mean:
1- any TCP traffic heading for port 179 will be denied (whatever the source host, the source port or the destination host),
2- if the destination host has TCP port 179 open, accept traffic,
3- accept IP traffic from any source host to any destination host (here it is layer 3 traffic)

Nimada commented:
The whole ACL is for:
Just to allow connections from source TCP port 179 (BGP) to any other TCP port, and it allows all the IP traffic.

From X to Y but not from Y to X ....
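As an added worked example (not code from this thread and not Cisco's own implementation), the Python script below implements the first-match evaluation that Nimada's line-by-line explanation and the "From X to Y but not from Y to X" remark describe, and runs ACL 100 from the question over a few constructed packets. The router and peer addresses (198.51.100.1, 192.0.2.1) and every port other than 179 are assumptions made up for the example; the parser covers only the subset of extended-ACL syntax used on this page (any/host/wildcard addresses and eq/neq/gt/lt/range port operators, no established, log or time-range keywords).

```python
import ipaddress
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

# ACL 100 as posted in the question (its lines are numbered 1-3 there).
ACL_100 = [
    "access-list 100 deny tcp any any eq 179",
    "access-list 100 permit tcp any eq 179 any",
    "access-list 100 permit ip any any",
]

PORT_NAMES = {"bgp": 179}  # the only named port this example needs


@dataclass(frozen=True)
class Packet:
    proto: str   # "tcp", "udp", "icmp", ...
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Entry:
    action: str                  # "permit" | "deny"
    proto: str                   # "ip" matches every protocol
    src: Callable[[str], bool]
    sport: Callable[[int], bool]
    dst: Callable[[str], bool]
    dport: Callable[[int], bool]
    text: str


def _addr(t: List[str], i: int) -> Tuple[Callable[[str], bool], int]:
    """Parse 'any', 'host A.B.C.D' or 'A.B.C.D W.W.W.W' (Cisco wildcard mask)."""
    if t[i] == "any":
        return (lambda ip: True), i + 1
    if t[i] == "host":
        want = int(ipaddress.ip_address(t[i + 1]))
        return (lambda ip: int(ipaddress.ip_address(ip)) == want), i + 2
    base = int(ipaddress.ip_address(t[i]))
    wild = int(ipaddress.ip_address(t[i + 1]))
    care = ~wild & 0xFFFFFFFF    # a 1 bit in the wildcard means "don't care"
    return (lambda ip: int(ipaddress.ip_address(ip)) & care == base & care), i + 2


def _port(t: List[str], i: int) -> Tuple[Callable[[int], bool], int]:
    """Parse an optional 'eq|neq|gt|lt N' or 'range A B'; no operator = any port."""
    def num(tok: str) -> int:
        return PORT_NAMES[tok] if tok in PORT_NAMES else int(tok)
    if i < len(t) and t[i] in ("eq", "neq", "gt", "lt"):
        n = num(t[i + 1])
        ops = {"eq": lambda p: p == n, "neq": lambda p: p != n,
               "gt": lambda p: p > n, "lt": lambda p: p < n}
        return ops[t[i]], i + 2
    if i < len(t) and t[i] == "range":
        lo, hi = num(t[i + 1]), num(t[i + 2])
        return (lambda p: lo <= p <= hi), i + 3
    return (lambda p: True), i   # next token is an address or end of line


def parse_entry(line: str) -> Entry:
    """Parse one numbered extended ACL line (the syntax subset used on the page)."""
    t = line.split()
    assert t[0] == "access-list", line
    action, proto = t[2], t[3]
    any_port = lambda p: True
    src, i = _addr(t, 4)
    sport, i = _port(t, i) if proto in ("tcp", "udp") else (any_port, i)
    dst, i = _addr(t, i)
    dport, i = _port(t, i) if proto in ("tcp", "udp") else (any_port, i)
    return Entry(action, proto, src, sport, dst, dport, line)


def evaluate(acl: List[str], pkt: Packet) -> Tuple[str, Optional[int]]:
    """First matching line wins; if nothing matches, the implicit deny (line None) applies."""
    for n, line in enumerate(acl, start=1):
        e = parse_entry(line)
        if (e.proto in ("ip", pkt.proto) and e.src(pkt.src) and e.sport(pkt.sport)
                and e.dst(pkt.dst) and e.dport(pkt.dport)):
            return e.action, n
    return "deny", None


def same_verdict_without(acl: List[str], drop_line: int, pkts: List[Packet]) -> bool:
    """True if removing line `drop_line` changes no packet's permit/deny verdict."""
    reduced = [l for n, l in enumerate(acl, start=1) if n != drop_line]
    return all(evaluate(acl, p)[0] == evaluate(reduced, p)[0] for p in pkts)


# Constructed sample traffic between two hypothetical BGP speakers.
ROUTER, PEER = "198.51.100.1", "192.0.2.1"
SAMPLE = [
    Packet("tcp", PEER, 40000, ROUTER, 179),   # peer opens a session to us
    Packet("tcp", PEER, 179, ROUTER, 40000),   # peer answers a session we opened
    Packet("tcp", PEER, 179, ROUTER, 179),     # both ends on 179
    Packet("tcp", PEER, 51000, ROUTER, 443),   # HTTPS, unrelated to BGP
    Packet("udp", PEER, 53000, ROUTER, 53),    # DNS
    Packet("icmp", PEER, 0, ROUTER, 0),        # ping
]

if __name__ == "__main__":
    for p in SAMPLE:
        action, n = evaluate(ACL_100, p)
        print(f"{p.proto:4} {p.src}:{p.sport} -> {p.dst}:{p.dport}  {action:6} (line {n})")
    print("line 2 changes a verdict:", not same_verdict_without(ACL_100, 2, SAMPLE))
```

Running it shows why bullet 2 cannot "override" bullet 1: a packet is judged by the first line it matches, so any segment whose destination port is 179 is dropped by line 1 whatever line 2 says, and line 2 only ever sees packets that line 1 already let past (source port 179, destination port not 179). Because line 3 permits everything else, `same_verdict_without(ACL_100, 2, SAMPLE)` returns True: deleting line 2 changes no verdict, and its practical value is a separate hit counter for traffic sourced from port 179. The implicit deny is reached only when no line matches at all, which this ACL never lets happen.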
jskfan (Author) commented:
Thank you Guys!