what does "eq" in ACLs mean?

mguymguy Posts: 167Member
icon_confused.gifSay I want to block telnet traffic from a host

access-list 101 deny tcp host 192.168.1.1 eq telnet

or www

access-list 101 deny tcp host 192.168.1.1 eq www


Also why don't we use this syntax for ICMP pings????? In other words, why do i use:

access-list 101 deny icmp host 192.168.1.1

instead of

access-list 101 deny tcp 192.168.1.1 eq ping

icon_study.gif

Comments

  • Ltat42aLtat42a Posts: 585Member ■■■□□□□□□□
    equal instead of "="???? (just guessing)
  • drkatdrkat Posts: 703Banned
    Ping isnt a tcp service so we dont use 'eq' - eq == equals - We use 'eq' to specify port or range of ports whether it be udp/tcp, but icmp doesnt so ... we cant use eq and we must use permit icmp

    Please refer to '?' when doing your ACL and it gives a pretty decent explanation
    Married to the game but she broke her vows. That's why my bars are full of broken bottles And my night stands are full of open bibles
  • mochaaddictmochaaddict Posts: 42Member ■■□□□□□□□□
    I'm pretty sure that in cisco land eq means "equal" and neq means "not equal".

    ----

    icmp is its own protocol with its own parameters - source quench, echo reply, etc.
  • docricedocrice Posts: 1,706Member
    As others mentioned, it refers to being "equal to." It applies to ACL statements involving layer 4 protocols (TCP and UDP).

    ICMP is layer 3 (or 3.5) and there is no concept of a port involved. ICMP has types and codes. For example, when doing a "ping" the sender transmits an ICMP type 8 code 0 (known as an echo request) while the response back from the remote target is an ICMP type 0 code 0 (an echo reply). You'd specify this in an ACL like:

    access-list 101 permit icmp host 10.1.1.2 host 10.2.2.3 echo

    access-list 102 permit icmp host 10.2.2.3 host 10.1.1.2 echo-reply
    Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
Sign In or Register to comment.