extended access list syntax question
johnifanx98
Member Posts: 329
in CCNA & CCENT
Router(config)#access-list 110 deny tcp any ? A.B.C.D Destination address any Any destination host eq Match only packets on a given port number gt Match only packets with a greater port number host A single destination host lt Match only packets with a lower port number neq Match only packets not on a given port number range Match only packets in the range of port numbers
After specifying the source as any, I expect syntax similar to source like "any", "host", to specify the destination address. but why it gives eq, gt, and else?
Comments
-
Roguetadhg
Member Posts: 2,489 ■■■■■■■■□□
Extended ACLs also have the ability to filter by ports, or protocols. As well as the normal Source/Destination filtering!
For example you can do a "eq 23" it'll filter out I]Your deny statement[/I all I]Any statement[/I telnet sessions. Port 23 is for Telnet.In order to succeed, your desire for success should be greater than your fear of failure.
TE Threads: How to study for the CCENT/CCNA, Introduction to Cisco Exams -
lantech
Member Posts: 329
The other values allow you more flexibility on how you determine which packets are filtered.2012 Certification Goals
CCENT: 04/16/2012
CCNA: TBD -
vishaw1986
Member Posts: 40 ■■□□□□□□□□
Hey John ,
in extented access list the packet are matched on the basis of Source and Destination address which include both IP and Port numbers . So with EQ we can match the particular Port number .
but with standard accesslist we can match the source address only .