ACL Syntax Question
amb1s1
Member Posts: 408
in CCNA & CCENT
I came across this ACL on my job:
10 permit tcp any any neq telnet
Why do they use that syntax instead of using the following:
10 permit deny any any eq telnet
Comments
peanutnoggin Member Posts: 1,096
I came across this ACL on my job:
10 permit tcp any any neq telnet
Why do they use that syntax instead of using the following:
10 permit deny any any eq telnet
10 permit tcp any any neq telnet
is a way to write a one line ACL to accomplish the denial of telnet and allowing of the rest of the TCP traffic to flow.
If they had used:
10 deny tcp any any eq telnet
they would have had to add
20 permit tcp any any
or no other traffic could've passed through the interface in which this ACL was applied, because the last line of an ACL is the hidden "deny any any".
HTH.
V/r
~Peanut
We cannot have a superior democracy with an inferior education system!
-Mayor Cory Booker
mikem2te Member Posts: 407
Is this the complete access list? Remember there is always an implicit deny all at the end of every access list which you do not see in the show running-config or any other show command.
Therefore if the ACL was-
"10 permit deny any any eq telnet"
As there is a hidden deny all at the end of the list no traffic will be allowed through.
If the ACL was-
"10 permit tcp any any neq telnet"
All traffic not matching the rule (not telnet traffic) would be allowed. Telnet traffic would then be stopped by the hidden implicit deny.
Blog : http://www.caerffili.co.uk/
Previous : Passed Configuring Microsoft Office SharePoint Server 2007 (70-630)
Currently : EIGRP & OSPF
Next : CCNP Route
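Added example (not part of the thread or any poster's code): a small Python model of first-match ACL evaluation with the implicit deny, run against the one-line and two-line forms discussed above. It assumes a simplified entry grammar (protocol plus an optional eq/neq destination port, source and destination always "any"), and the sample packets are constructed.

```python
# Toy first-match evaluator for the ACL entries discussed in this thread.
# Assumption: only protocol and destination port are modelled; this is not IOS code.
TELNET = 23

def parse(entry):
    """Parse '<seq> <permit|deny> <proto> any any [eq|neq <port>]' into a dict."""
    tok = entry.split()
    rule = {"seq": int(tok[0]), "action": tok[1], "proto": tok[2],
            "op": None, "port": None}
    if len(tok) > 5:  # optional destination-port operator
        rule["op"] = tok[5]
        rule["port"] = TELNET if tok[6] == "telnet" else int(tok[6])
    return rule

def matches(rule, proto, dport):
    """True if the packet's protocol and destination port satisfy the entry."""
    if rule["proto"] not in ("ip", proto):
        return False
    if rule["op"] == "eq":
        return dport == rule["port"]
    if rule["op"] == "neq":
        return dport != rule["port"]
    return True  # no port operator: any port matches

def evaluate(acl, proto, dport):
    """Return (action, seq) of the first matching entry, lowest sequence first."""
    for rule in sorted((parse(e) for e in acl), key=lambda r: r["seq"]):
        if matches(rule, proto, dport):
            return rule["action"], rule["seq"]
    return "deny", None  # the hidden deny at the end of every ACL

ONE_LINE = ["10 permit tcp any any neq telnet"]
DENY_ONLY = ["10 deny tcp any any eq telnet"]
TWO_LINE = ["10 deny tcp any any eq telnet", "20 permit tcp any any"]

# Constructed sample packets: telnet, HTTPS over TCP, DNS over UDP
PACKETS = [("tcp", 23), ("tcp", 443), ("udp", 53)]

def table(acl):
    """Evaluate every sample packet against one ACL."""
    return [evaluate(acl, proto, dport) for proto, dport in PACKETS]

if __name__ == "__main__":
    for name, acl in (("one-line", ONE_LINE), ("deny-only", DENY_ONLY),
                      ("two-line", TWO_LINE)):
        print(name, table(acl))
```

The sequence number in each result shows which entry decided the packet: in the one-line form telnet falls through to the implicit deny (None), while in the two-line form it is dropped by entry 10. In both forms non-TCP traffic such as the UDP packet is also dropped by the implicit deny.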