ACL Question - Why doesnt this work?

Pash

access-list 110 permit udp 10.161.1.0 0.0.0.255 172.17.6.0 0.0.0.255 established

Ok I was onsite and my colleague made these ACL lines before we came to make changes on a high end switch. This is a rhetorical question because we both spoted the mistake when he pasted it into the config.

So guys and girls studying for CCNA what is wrong with that line?

Slowhand

Heh, heh. . . the first thing I'd do is replace "udp" with "tcp".

Pash

Slowhand wrote:

Heh, heh. . . the first thing I'd do is replace "udp" with "tcp".

And why would we do that Slowhand?

Netstudent

udp is connectionless...no establishment

Pash

Netstudent wrote:

udp is connectionless...no establishment

Quick on the bell Netstudent, i like it! Ok next question, how does a tcp ACL check to see if that packet is part of an "established" connection?

Netstudent

if the ACK bit is set...If the ACK bit is not set then the packet is part of a new establishment or connection. I was thinking maybe also the router looks into the socket information of the connection, but i'm not sure on that one.

Slowhand

LOL, damn w**k, not letting me stay on the forum and get my answers in quick enough.

Netstudent

We all know you knew the answer. Or at least i did. Sorry...

Work has been slow for me all day..I'v been sitting here reading books and techexams while i have no calls or problems.

larkspur

Work has been slow for me all day..I'v been sitting here reading books and techexams while i have no calls or problems.

dang that must be nice. Are you hiring?

Netstudent

We might be in the future depending on growth. Do you work in Murfreesboro or Nashville? Things arn't always slow though. Just coincidentally they were today. Boss is out of town and a couple projects have rolled to an end. I forsee the work load being too much for 2 people in the next year or so. It's me and one other person keeping the place operational. I do it all from major network upgrades and changes to printer and user support.

larkspur

currently in brentwood, but I am no stranger to the downtown area, worked there for 4 years.

Tricon7

Netstudent wrote:

We might be in the future depending on growth. Do you work in Murfreesboro or Nashville? Things arn't always slow though. Just coincidentally they were today. Boss is out of town and a couple projects have rolled to an end. I forsee the work load being too much for 2 people in the next year or so. It's me and one other person keeping the place operational. I do it all from major network upgrades and changes to printer and user support.

Just curious about something - for the kind of work you do, what's the chance of someone going through a Cisco Networking Academy and finishing Cisco 4 (CCNA) getting a decent network-related "real-world" job? I'm not looking quite yet, but I'm putting feelers out.

Netstudent

With or without the CCNA? IF you are just asking if you had semester 4 in the bag but no cert yet, then it would be very difficult i think. A lot depends on what experience you have or if you have any kind of college degree. The thing I have seen out in the real world is, with the kind of jobs people want to have with a CCNA, it is extremely competitive and difficult to get without experience. When it;s all said and done, employers want someone with some kind of experience before they let them touch networking equipment. With a CCNA and no degree or not much experience, you can definately get some kind of tech. job, but don't expect to go configuring enterprise level switches or something. All of this can vary though, I mean you just have to get out there and see what you can get. I think the CCNA does mean a lot, but a lot of times it is just standard procedure to hire someone with a degree or experience. IF you read job postings usually experience and a degree are required where a certification is a plus. And the job postings I'm talking about are full-time 9to5 IT jobs.