extended access list syntax question

Router(config)#access-list 110 deny tcp any ?
  A.B.C.D  Destination address
  any      Any destination host
  eq       Match only packets on a given port number
  gt       Match only packets with a greater port number
  host     A single destination host
  lt       Match only packets with a lower port number
  neq      Match only packets not on a given port number
  range    Match only packets in the range of port numbers

After specifying the source as any, I expect syntax similar to source like "any", "host", to specify the destination address. but why it gives eq, gt, and else?

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

Roguetadhg

Extended ACLs also have the ability to filter by ports, or protocols. As well as the normal Source/Destination filtering!

For example you can do a "eq 23" it'll filter out I]Your deny statement[/I all I]Any statement[/I telnet sessions. Port 23 is for Telnet.

lantech

The other values allow you more flexibility on how you determine which packets are filtered.

vishaw1986

Hey John ,

in extented access list the packet are matched on the basis of Source and Destination address which include both IP and Port numbers . So with EQ we can match the particular Port number .
but with standard accesslist we can match the source address only .