ACL - when to use "any" keyword
Andrew Newman
Member Posts: 23
in CCNA & CCENT
Hi,
I'm looking at an ACL problem and I can't understand the consequences of using or not using the "any" keyword.
What does "access-list 103 deny tcp 172.16.8.0 0.0.3.255 any eq 80" achieve that "access-list 103 deny tcp 172.16.8.0 0.0.3.255 eq 80" doesn't? Is the use of the keyword "any" strictly necessary?
The aim is to prevent users between 172.16.8.0 and 172.16.11.255 from accessing the www.
Any clarification would be greatly appreciated.
Comments
SecurityThroughObscurity Member Posts: 212
source network - 172.16.8.0 and 172.16.11.255
destination network - any (web)
kaytaurus Member Posts: 28
1. I think the "access-list 103 deny tcp 172.16.8.0 0.0.3.255 eq 80" ACL entry is not complete. It lacks the destination network/wildcard and port no.
2. The "any" is a synonym for "I don't care". It can be any host source or any host destination depending on where it's placed in the cmd line.
To achieve your specification as specified above, the "access-list 103 deny tcp 172.16.8.0 0.0.3.255 any eq 80" will suffice.
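
The following is an added example, not part of any post in the thread: a simplified Python model of the extended-ACL entry grammar (only `any`, `host` and `eq` are handled; the function names are illustrative). It shows that `eq 80` directly after the source is read as a source-port qualifier, so the entry without `any` has no destination, while the entry with `any` matches port 80 traffic from 172.16.8.0 through 172.16.11.255 to every destination.

```python
import ipaddress

# The two entries quoted in the thread.
WITH_ANY = "access-list 103 deny tcp 172.16.8.0 0.0.3.255 any eq 80"
WITHOUT_ANY = "access-list 103 deny tcp 172.16.8.0 0.0.3.255 eq 80"

def _addr(tok, what):
    """Consume one address spec: 'any', 'host A' or 'A WILDCARD'."""
    if tok and tok[0] == "any":            # any == 0.0.0.0 255.255.255.255
        return (0, 0xFFFFFFFF), tok[1:]
    if len(tok) < 2:
        raise ValueError(f"incomplete entry: no {what} address")
    if tok[0] == "host":                   # host A == A 0.0.0.0
        return (int(ipaddress.IPv4Address(tok[1])), 0), tok[2:]
    base, wild = (int(ipaddress.IPv4Address(t)) for t in tok[:2])
    return (base, wild), tok[2:]

def _port(tok):
    """Consume an optional 'eq PORT' qualifier."""
    if len(tok) >= 2 and tok[0] == "eq":
        return int(tok[1]), tok[2:]
    return None, tok

def parse_ace(line):
    """Parse: access-list N ACTION PROTO SRC [eq P] DST [eq P]."""
    tok = line.split()
    if len(tok) < 4 or tok[0] != "access-list":
        raise ValueError("not an access-list entry")
    ace = {"action": tok[2], "proto": tok[3]}
    ace["src"], rest = _addr(tok[4:], "source")
    ace["sport"], rest = _port(rest)       # 'eq' here is a SOURCE port
    ace["dst"], rest = _addr(rest, "destination")
    ace["dport"], rest = _port(rest)       # 'eq' here is the destination port
    if rest:
        raise ValueError(f"unparsed tokens: {rest}")
    return ace

def _hit(spec, ip):
    base, wild = spec
    care = ~wild & 0xFFFFFFFF              # wildcard 1-bits are ignored
    return (int(ipaddress.IPv4Address(ip)) & care) == (base & care)

def matches(ace, proto, src, sport, dst, dport):
    """True if a packet with these header fields matches the entry."""
    return (ace["proto"] == proto
            and _hit(ace["src"], src) and _hit(ace["dst"], dst)
            and ace["sport"] in (None, sport)
            and ace["dport"] in (None, dport))
```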