ACL - extended access list

superbabe_uk Member Posts: 23
Hi, I'm working through the CCNA ICND2. Section: IP Access Control Lists

On p246 it says "the access-list command must use protocol keyword tcp to be able to match TCP ports and the udp keyword to be able to match UDP ports"

In an example on p264 they list the statement "access-list 101 permit any any eq telnet"

I would assume that "telnet" is a word value for "port 23" (just like you can type "eq www" instead of "port 80")

Therefore, does it not have to read "access-list 101 permit tcp any any eq telnet"?

Many thanks for your answers - much appreciated.


  • bermovick Member Posts: 1,135
    That's .... interesting, as I don't think that would work. I checked the errata for the book and it's not there.

    Fired up GNS3 just to double-check, and verified the page 246 information is correct:

    R1(config)#access-list 101 permit any any eq telnet
    ^ (<-- this should be under the 'n' in the first any)
    % Invalid input detected at '^' marker.

    R1(config)#access-list 101 permit tcp any any eq telnet
    Latest Completed: CISSP

    Current goal: Dunno
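
The rule discussed in this thread, as an added example that is not part of the thread or the book: a small Python check that flags numbered extended ACL statements which match on a port without naming tcp or udp as the protocol. The function name `check_extended_acl` is hypothetical, and the protocol list is a deliberately small subset chosen for the example, not the full set IOS accepts.

```python
# Protocols that carry ports, per the book passage quoted in the thread.
PORT_PROTOCOLS = {"tcp", "udp"}
# Assumption: small subset of other protocol keywords, enough for this example.
OTHER_PROTOCOLS = {"ip", "icmp"}
PORT_OPERATORS = {"eq", "neq", "lt", "gt", "range"}


def is_extended_number(text):
    """Numbered extended ACLs use 100-199 or 2000-2699."""
    return text.isdigit() and (100 <= int(text) <= 199 or 2000 <= int(text) <= 2699)


def check_extended_acl(line):
    """Return a list of problems found in one 'access-list ...' statement."""
    tokens = line.split()
    if len(tokens) < 4 or tokens[0] != "access-list":
        return ["not a numbered access-list statement"]
    number, action, protocol = tokens[1:4]
    problems = []
    if not is_extended_number(number):
        problems.append(f"{number} is not an extended ACL number")
    if action not in ("permit", "deny"):
        problems.append(f"expected permit or deny, got '{action}'")
    if protocol not in PORT_PROTOCOLS | OTHER_PROTOCOLS:
        problems.append(f"expected a protocol keyword after {action}, got '{protocol}'")
    # A port operator (eq, range, ...) is only meaningful for tcp or udp.
    if any(t in PORT_OPERATORS for t in tokens[4:]) and protocol not in PORT_PROTOCOLS:
        problems.append("port match needs protocol tcp or udp")
    return problems


# The two statements from the thread, plus one constructed variant.
SAMPLES = [
    "access-list 101 permit any any eq telnet",      # book example, p264
    "access-list 101 permit tcp any any eq telnet",  # corrected form
    "access-list 101 permit ip any any eq telnet",   # constructed
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", check_extended_acl(sample) or "ok")
```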