what does "eq" in ACLs mean?

mguy (Posts: 167, Member)
Say I want to block telnet traffic from a host

access-list 101 deny tcp host eq telnet

or www

access-list 101 deny tcp host eq www

Also, why don't we use this syntax for ICMP pings? In other words, why do I use:

access-list 101 deny icmp host

instead of

access-list 101 deny tcp eq ping



  • Ltat42a (Posts: 587, Member)
    equal instead of "="???? (just guessing)
  • drkat (Posts: 703, Banned)
    Ping isn't a TCP service so we don't use 'eq' - eq == equals - We use 'eq' to specify a port or range of ports whether it be UDP/TCP, but ICMP doesn't, so ... we can't use eq and we must use permit icmp

    Please refer to '?' when doing your ACL and it gives a pretty decent explanation
    Married to the game but she broke her vows. That's why my bars are full of broken bottles And my night stands are full of open bibles
  • mochaaddict (Posts: 42, Member)
    I'm pretty sure that in Cisco land eq means "equal" and neq means "not equal".


    icmp is its own protocol with its own parameters - source quench, echo reply, etc.
  • docrice (Posts: 1,706, Member)
    As others mentioned, it refers to being "equal to." It applies to ACL statements involving layer 4 protocols (TCP and UDP).

    ICMP is layer 3 (or 3.5) and there is no concept of a port involved. ICMP has types and codes. For example, when doing a "ping" the sender transmits an ICMP type 8 code 0 (known as an echo request) while the response back from the remote target is an ICMP type 0 code 0 (an echo reply). You'd specify this in an ACL like:

    access-list 101 permit icmp host host echo

    access-list 102 permit icmp host host echo-reply
    Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/