ACL
Mikdilly
Member Posts: 309
in CCNA & CCENT
Say you had an access-list with just these 3 lines:
access-list 101 permit ip 192.168.20.0 0.0.0.255 any
access-list 101 deny tcp 192.168.20.0 0.0.0.255 any eq 80
access-list 101 permit ip any any
Would TCP traffic such as HTTP from 192.168.20.0 be allowed through the router? I thought TCP traffic such as HTTP would not match to the first statement and then be caught by the second, thus getting denied.
Comments
-
Netstudent Member Posts: 1,693
If you permit everything first, it doesn't matter what application it is, it's going through. You want to put your more specific rules first.
There is no place like 127.0.0.1 BUT 209.62.5.3 is my 127.0.0.1 away from 127.0.0.1!
-
Mikdilly Member Posts: 309
Netstudent wrote: If you permit everything first, it doesn't matter what application it is, it's going through. You want to put your more specific rules first.
Thanks for clearing that up.
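
The first-match behaviour discussed in this thread, as an added example that is not part of the original posts: a small Python evaluator for the ACL subset used above, run against the list as posted and against a reordered list with the more specific deny first. The function names and the test addresses (192.168.20.5, 198.51.100.10) are constructed for illustration.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF

def parse_ace(line):
    """Parse 'access-list N action proto src dst [eq port]' (only the subset used in the thread)."""
    t = line.split()
    def addr(i):
        if t[i] == "any":
            return (0, ALL_ONES), i + 1          # wildcard of all ones matches every address
        base = int(ipaddress.IPv4Address(t[i]))
        wild = int(ipaddress.IPv4Address(t[i + 1]))
        return (base, wild), i + 2
    src, i = addr(4)
    dst, i = addr(i)
    port = int(t[i + 1]) if i < len(t) and t[i] == "eq" else None
    return {"action": t[2], "proto": t[3], "src": src, "dst": dst, "port": port}

def ip_matches(rule, ip):
    base, wild = rule
    care = wild ^ ALL_ONES                       # wildcard bit 1 = ignore, 0 = must match
    return (int(ipaddress.IPv4Address(ip)) & care) == (base & care)

def matches(ace, proto, src, dst, dport):
    if ace["proto"] not in ("ip", proto):        # 'ip' covers TCP, UDP and everything else
        return False
    if ace["port"] is not None and ace["port"] != dport:
        return False
    return ip_matches(ace["src"], src) and ip_matches(ace["dst"], dst)

def evaluate(acl_lines, proto, src, dst, dport=None):
    """Return (action, line number) of the first matching entry; later entries are never consulted."""
    for n, line in enumerate(acl_lines, 1):
        ace = parse_ace(line)
        if matches(ace, proto, src, dst, dport):
            return ace["action"], n
    return "deny", None                          # implicit deny at the end of every ACL

AS_POSTED = [
    "access-list 101 permit ip 192.168.20.0 0.0.0.255 any",
    "access-list 101 deny tcp 192.168.20.0 0.0.0.255 any eq 80",
    "access-list 101 permit ip any any",
]
# Same three entries, most specific first
REORDERED = [AS_POSTED[1], AS_POSTED[0], AS_POSTED[2]]

if __name__ == "__main__":
    for name, acl in (("as posted", AS_POSTED), ("reordered", REORDERED)):
        print(name, evaluate(acl, "tcp", "192.168.20.5", "198.51.100.10", 80))
```

With the list as posted, HTTP from 192.168.20.5 matches entry 1 and is permitted, so the deny on entry 2 is never reached; with the deny moved first, the same packet is dropped while other traffic from the subnet still passes.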