Access Lists - IP, TCP, and UDP
Tricon7
Inactive Imported Users, Posts: 238
in CCNA & CCENT
I'm understanding ACLs much better now, but there's still a little ambiguity regarding when to use IP, TCP, and UDP (I already know ICMP). So, if you're not using a TCP/UDP port, the ACL will automatically be using IP? And if you use TCP, you'll be using a port which is a TCP port, and likewise for UDP? You would never use an ACL without inserting either IP, TCP, UDP, or ICMP, correct?
Comments
-
networker050184 (Mod, Posts: 11,962)
There are other types of ACLs besides the ones you have stated. Other types include igmp, eigrp, ospf and gre. There are many different types that can be configured, but they are beyond the scope of the CCNA.
An expert is a man who has made all the mistakes which can be made.
-
Tricon7 (Inactive Imported Users, Posts: 238)
networker050184 wrote:
There are other types of ACLs besides the ones you have stated. Other types include igmp, eigrp, ospf and gre. There are many different types that can be configured, but they are beyond the scope of the CCNA.
The others don't concern me right now; only the ones covered in the CCNA material. Can anyone assist?
-
Netstudent (Member, Posts: 1,693)
Standard access-lists do not need a protocol keyword because they will default to IP. Also, if you do not put a wildcard mask on a standard list, it will default to a single host. Obviously you need a mask to cover a range of IPs.
On extended ACLs I think you must use a protocol. If you are covering a range of layer 3 or a single layer 3 IP and that's it, then you need the IP keyword.
If you are trying to get more intelligent/specific and cover layer 4 ports, then you would need the keyword TCP or UDP, depending on the port.
Ex. of Standard:
access-list access-list-number {deny | permit} source [source-wildcard] [log]
There is no place like 127.0.0.1 BUT 209.62.5.3 is my 127.0.0.1 away from 127.0.0.1!
-
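The rules Netstudent lays out (a standard list takes no protocol keyword and matches a single host when the wildcard is omitted; an extended list needs ip, icmp, tcp or udp, and only tcp/udp take a port; anything unmatched hits the implicit deny) can be checked against sample packets with the small evaluator below. It is an added example written for this thread, not IOS code and not from any of the posts: it parses a subset of numbered-ACL syntax (any, host A.B.C.D, address plus wildcard, a destination eq port, and the log keyword; source ports, port ranges and ICMP types are left out), and the access-list lines in ACL_TEXT are made up. On a real router a log hit goes to syslog or the logging buffer; here the second return value only reports whether the matching entry carried log.

```python
"""Evaluate packets against a subset of Cisco IOS numbered-ACL syntax.

Constructed example for the thread; not IOS code.  Handles standard lists
(1-99) and extended lists (100-199) with ip/icmp/tcp/udp, any/host/wildcard
addresses, an optional destination 'eq <port>' and the 'log' keyword.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# IANA protocol numbers; 'ip' maps to None, meaning "any IP protocol".
PROTO_NUM: Dict[str, Optional[int]] = {"ip": None, "icmp": 1, "tcp": 6, "udp": 17}
ANY = (0, 0xFFFFFFFF)  # 0.0.0.0 with wildcard 255.255.255.255


@dataclass
class Packet:
    src: str
    dst: str
    proto: int                 # 1 = ICMP, 6 = TCP, 17 = UDP
    dport: Optional[int] = None


@dataclass
class Entry:
    action: str                      # "permit" or "deny"
    proto: Optional[int]             # None: 'ip' keyword or a standard list
    src: Tuple[int, int]             # (address, wildcard) as 32-bit ints
    dst: Optional[Tuple[int, int]]   # None on standard lists
    dport: Optional[int]
    log: bool


def _ip(s: str) -> int:
    return int(ipaddress.IPv4Address(s))


def _addr(tokens: List[str]) -> Tuple[int, int]:
    """Consume one address spec (any | host A | A [wildcard]) from the front."""
    t = tokens.pop(0)
    if t == "any":
        return ANY
    if t == "host":
        return _ip(tokens.pop(0)), 0
    addr = _ip(t)
    # A following dotted-quad is the wildcard.  When it is omitted (allowed on
    # standard lists) IOS assumes 0.0.0.0, i.e. the single host.
    if tokens and tokens[0][0].isdigit():
        return addr, _ip(tokens.pop(0))
    return addr, 0


def parse_acl(text: str) -> Dict[int, List[Entry]]:
    """Group access-list lines by number, keeping the order they were entered."""
    acls: Dict[int, List[Entry]] = {}
    for line in text.strip().splitlines():
        tokens = line.split()
        if not tokens or tokens[0] != "access-list":
            continue
        number, action, rest = int(tokens[1]), tokens[2], tokens[3:]
        if 1 <= number <= 99:
            # Standard list: no protocol keyword (acts as 'ip'), source only.
            proto, src, dst, dport = None, _addr(rest), None, None
        elif 100 <= number <= 199:
            keyword = rest.pop(0)
            proto = PROTO_NUM[keyword]           # KeyError on an unsupported keyword
            src, dst, dport = _addr(rest), _addr(rest), None
            if rest and rest[0] == "eq":
                if keyword not in ("tcp", "udp"):
                    raise ValueError(f"'eq' needs tcp or udp: {line}")
                rest.pop(0)
                dport = int(rest.pop(0))
        else:
            raise ValueError(f"unsupported ACL number: {number}")
        log = bool(rest) and rest[0] == "log"
        acls.setdefault(number, []).append(Entry(action, proto, src, dst, dport, log))
    return acls


def _matches(spec: Tuple[int, int], ip: str) -> bool:
    """Wildcard semantics: a 1 bit means 'don't care', so compare only the 0 bits."""
    addr, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF
    return (_ip(ip) & care) == (addr & care)


def evaluate(entries: List[Entry], pkt: Packet) -> Tuple[bool, bool]:
    """Return (permitted, logged).  First match wins; no match is the implicit deny."""
    for e in entries:
        if e.proto is not None and e.proto != pkt.proto:
            continue
        if not _matches(e.src, pkt.src):
            continue
        if e.dst is not None and not _matches(e.dst, pkt.dst):
            continue
        if e.dport is not None and e.dport != pkt.dport:
            continue
        return e.action == "permit", e.log
    return False, False  # implicit deny at the end of every ACL, never logged


# Constructed sample configuration (made up for this example).
ACL_TEXT = """
access-list 10 permit 192.168.1.5
access-list 10 deny 192.168.1.0 0.0.0.255 log
access-list 10 permit any
access-list 101 permit tcp any host 10.0.0.10 eq 22 log
access-list 101 permit udp 172.16.0.0 0.0.255.255 host 10.0.0.53 eq 53
access-list 101 permit icmp any any
access-list 101 deny ip any any log
"""
ACLS = parse_acl(ACL_TEXT)

if __name__ == "__main__":
    print(evaluate(ACLS[10], Packet("192.168.1.77", "10.0.0.1", 6, 80)))   # deny, logged
    print(evaluate(ACLS[101], Packet("1.2.3.4", "10.0.0.10", 6, 23)))      # deny, logged
```

Two things worth noticing when you run it: the first line of list 10 has no wildcard and so matches only 192.168.1.5, exactly as Netstudent describes, and a TCP packet to port 23 falls through the tcp eq 22 entry and the udp and icmp entries to the explicit deny ip any any, which is the only reason it gets logged; drop that last line and the same packet is still denied, but silently.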
datchcha (Member, Posts: 265)
Netstudent wrote:
Standard access-lists do not need a protocol keyword because they will default to IP. Also, if you do not put a wildcard mask on a standard list, it will default to a single host. Obviously you need a mask to cover a range of IPs.
On extended ACLs I think you must use a protocol. If you are covering a range of layer 3 or a single layer 3 IP and that's it, then you need the IP keyword.
If you are trying to get more intelligent/specific and cover layer 4 ports, then you would need the keyword TCP or UDP, depending on the port.
Ex. of Standard:
access-list access-list-number {deny | permit} source [source-wildcard] [log]
When you run logging on the access-list, where are the logs stored (NVRAM?) and in what type of format (.txt)?
Thanks Net.
Arrakis
-
Netstudent (Member, Posts: 1,693)
http://www.fredshack.com/docs/cisco_ios_basics.html
Your answer is about 3/4 down the page. Look for the bolded word "BUFFER" and start reading that paragraph.
There is no place like 127.0.0.1 BUT 209.62.5.3 is my 127.0.0.1 away from 127.0.0.1!