ACL Syntax Question

amb1s1 Member Posts: 408
I came across this ACL at my job:
10 permit tcp any any neq telnet
Why do they use that syntax instead of the following?
10 permit deny any any eq telnet
David G.
http://gomezd.com
My Tshoot test Blog
http://twitter.com/ipnet255

Comments

  • peanutnoggin Member Posts: 1,096
    amb1s1 wrote: »
    I came across this ACL on my Job:
    10 permit tcp any any neq telnet
    Why they use that syntax instead of using the following:
    10 permit deny any any eq telnet

    10 permit tcp any any neq telnet

    is a way to write a one-line ACL that denies telnet and allows the rest of the TCP traffic to flow.

    If they had used:

    10 deny tcp any any eq telnet
    they would have had to add
    20 permit tcp any any
    or no other traffic could have passed through the interface on which this ACL was applied.

    Because the last line of an ACL is the hidden "deny any any".

    HTH.

    V/r

    ~Peanut
    We cannot have a superior democracy with an inferior education system!

    -Mayor Cory Booker
  • mikem2te Member Posts: 407
    Is this the complete access list? Remember there is always an implicit deny all at the end of every access list, which you do not see in show running-config or any other show command.

    Therefore, if the ACL was
    "10 permit deny any any eq telnet"
    then, as there is a hidden deny all at the end of the list, no traffic would be allowed through.

    If the ACL was
    "10 permit tcp any any neq telnet"
    all traffic not matching the rule (non-telnet traffic) would be allowed. Telnet traffic would then be stopped by the hidden implicit deny.
    Blog : http://www.caerffili.co.uk/

    Previous : Passed Configuring Microsoft Office SharePoint Server 2007 (70-630)
    Currently : EIGRP & OSPF
    Next : CCNP Route
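The two replies above both come down to the same two rules: an ACL is evaluated top-down and the first matching entry wins, and an unmatched packet hits the implicit "deny any any". The small simulator below is an added example written for this thread (it is not Cisco code, and the `Packet`, `Entry`, `parse_entry`, `matches` and `evaluate` names are my own). It models only the destination-port form of an extended ACE with `any any` addresses and the `eq`/`neq` operators, and runs the three lists discussed here against constructed sample traffic. Two things it makes visible that the prose does not: the question's second list (`permit deny ...`) is not valid IOS syntax at all and is rejected by the parser, and because every entry in these lists is `tcp`, non-TCP traffic such as UDP DNS is dropped by the implicit deny under all three lists, so the one-liner is "permit all TCP except telnet", not "permit everything except telnet".

```python
"""Minimal simulator of Cisco-style extended ACL evaluation.

Added example for this thread, not Cisco code. It models only the behaviour
discussed above: top-down first-match evaluation and the implicit
'deny any any' at the end of every list. The supported grammar is limited to
'SEQ permit|deny tcp|udp|ip any any [eq|neq PORT]' (destination port only).
"""
from dataclasses import dataclass
from typing import Iterable, Optional

# Subset of the well-known names IOS accepts in place of numeric ports.
PORT_NAMES = {"telnet": 23, "ssh": 22, "www": 80, "domain": 53}
PROTOCOLS = ("tcp", "udp", "ip")


@dataclass(frozen=True)
class Packet:
    proto: str                     # "tcp", "udp", ...
    dst_port: Optional[int] = None


@dataclass(frozen=True)
class Entry:
    seq: int
    action: str                    # "permit" or "deny"
    proto: str                     # "ip" matches any protocol
    port_op: Optional[str] = None  # "eq" or "neq" on the destination port
    port: Optional[int] = None


def parse_entry(line: str) -> Entry:
    """Parse one ACE; raises ValueError on syntax IOS would also reject."""
    tokens = line.split()
    seq, action, proto = int(tokens[0]), tokens[1], tokens[2]
    if action not in ("permit", "deny"):
        raise ValueError(f"invalid action in ACE: {line!r}")
    if proto not in PROTOCOLS:
        # Catches the question's 'permit deny any any ...' typo.
        raise ValueError(f"invalid protocol {proto!r} in ACE: {line!r}")
    if tokens[3] != "any" or tokens[4] != "any":
        raise ValueError("only 'any any' source/destination is modelled")
    port_op = port = None
    if len(tokens) > 5:
        port_op = tokens[5]
        if port_op not in ("eq", "neq"):
            raise ValueError(f"unsupported port operator {port_op!r}")
        port = int(tokens[6]) if tokens[6].isdigit() else PORT_NAMES.get(tokens[6])
        if port is None:
            raise ValueError(f"unknown port name {tokens[6]!r}")
    return Entry(seq, action, proto, port_op, port)


def matches(entry: Entry, pkt: Packet) -> bool:
    """True if this ACE matches the packet (protocol, then optional port test)."""
    if entry.proto != "ip" and entry.proto != pkt.proto:
        return False
    if entry.port_op is None:
        return True
    if pkt.dst_port is None:       # protocols without ports never pass a port test
        return False
    if entry.port_op == "eq":
        return pkt.dst_port == entry.port
    return pkt.dst_port != entry.port  # neq


def evaluate(acl_lines: Iterable[str], pkt: Packet) -> str:
    """First matching ACE (by sequence number) wins; otherwise implicit deny."""
    entries = sorted((parse_entry(line) for line in acl_lines), key=lambda e: e.seq)
    for entry in entries:
        if matches(entry, pkt):
            return entry.action
    return "deny"  # the implicit 'deny any any' at the end of every IOS ACL


# The three lists discussed in the thread.
ONE_LINER = ["10 permit tcp any any neq telnet"]
DENY_ONLY = ["10 deny tcp any any eq telnet"]
DENY_THEN_PERMIT = ["10 deny tcp any any eq telnet", "20 permit tcp any any"]

# Constructed sample traffic (not captured from any real network).
TELNET = Packet("tcp", 23)
HTTPS = Packet("tcp", 443)
DNS_UDP = Packet("udp", 53)

if __name__ == "__main__":
    for name, acl in (("one-liner", ONE_LINER), ("deny only", DENY_ONLY),
                      ("deny then permit", DENY_THEN_PERMIT)):
        verdicts = {p: evaluate(acl, p) for p in (TELNET, HTTPS, DNS_UDP)}
        print(f"{name:17}", verdicts)
```

Running it prints "deny" for telnet and "permit" for HTTPS under both the one-liner and the two-line list, "deny" for everything under the deny-only list, and "deny" for UDP under all three, which is the behaviour both replies describe.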