what does "eq" in ACLs mean?

mguy Member Posts: 167
Say I want to block telnet traffic from a host

access-list 101 deny tcp host 192.168.1.1 eq telnet

or www

access-list 101 deny tcp host 192.168.1.1 eq www


Also why don't we use this syntax for ICMP pings????? In other words, why do I use:

access-list 101 deny icmp host 192.168.1.1

instead of

access-list 101 deny tcp 192.168.1.1 eq ping


Comments

  • Ltat42a Member Posts: 587
    equal instead of "="???? (just guessing)
  • drkat Banned Posts: 703
    Ping isn't a TCP service so we don't use 'eq' - eq == equals - We use 'eq' to specify a port or range of ports whether it be UDP/TCP, but ICMP doesn't, so ... we can't use eq and we must use permit icmp

    Please refer to '?' when doing your ACL and it gives a pretty decent explanation
  • mochaaddict Member Posts: 42
    I'm pretty sure that in Cisco land eq means "equal" and neq means "not equal".

    ----

    icmp is its own protocol with its own parameters - source quench, echo reply, etc.
  • docrice Member Posts: 1,706
    As others mentioned, it refers to being "equal to." It applies to ACL statements involving layer 4 protocols (TCP and UDP).

    ICMP is layer 3 (or 3.5) and there is no concept of a port involved. ICMP has types and codes. For example, when doing a "ping" the sender transmits an ICMP type 8 code 0 (known as an echo request) while the response back from the remote target is an ICMP type 0 code 0 (an echo reply). You'd specify this in an ACL like:

    access-list 101 permit icmp host 10.1.1.2 host 10.2.2.3 echo

    access-list 102 permit icmp host 10.2.2.3 host 10.1.1.2 echo-reply
    Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
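The distinction the answers above draw (eq compares a layer-4 port, so it only makes sense for TCP/UDP, while ICMP entries name a message type) can be checked mechanically. The following is an added example, not code from this thread or from Cisco: a constructed mini-parser for the numbered extended ACL lines used here. It only knows the port names and ICMP message names that appear on this page, accepts only "host <ip>" or "any" as addresses, and rejects an entry that puts eq on a protocol without ports or that is missing its destination.

```python
# Constructed mini-parser for the extended ACL lines in this thread (example only,
# not Cisco IOS's parser). Port and ICMP names are limited to those on the page.
TCP_UDP_PORTS = {"telnet": 23, "www": 80}
ICMP_MESSAGES = {"echo": (8, 0), "echo-reply": (0, 0)}  # (type, code)

def _take_address(tokens):
    """Consume 'host <ip>' or 'any'; return (address, remaining tokens)."""
    if tokens and tokens[0] == "any":
        return "any", tokens[1:]
    if len(tokens) >= 2 and tokens[0] == "host":
        return tokens[1], tokens[2:]
    got = tokens[0] if tokens else "end of line"
    raise ValueError("expected 'host <ip>' or 'any', got %r" % got)

def _take_port(tokens, proto):
    """Consume an optional 'eq <port>'; return (port number or None, remaining)."""
    if not tokens or tokens[0] != "eq":
        return None, tokens
    if proto not in ("tcp", "udp"):
        # This is the point of the thread: 'eq' names a port, ICMP has none
        raise ValueError("'eq' matches a layer-4 port; %s has no ports" % proto)
    if len(tokens) < 2:
        raise ValueError("'eq' needs a port name or number")
    name = tokens[1]
    port = int(name) if name.isdigit() else TCP_UDP_PORTS.get(name)
    if port is None:
        raise ValueError("unknown port name %r" % name)
    return port, tokens[2:]

def parse_acl(line):
    """Parse one entry into a dict; raise ValueError with the reason if malformed."""
    t = line.split()
    if len(t) < 4 or t[0] != "access-list":
        raise ValueError("not an extended access-list entry")
    proto = t[3].lower()
    e = {"acl": int(t[1]), "action": t[2], "protocol": proto,
         "src_port": None, "dst_port": None, "icmp": None}
    # Cisco allows 'eq' after the source as well as after the destination
    e["src"], rest = _take_address(t[4:])
    e["src_port"], rest = _take_port(rest, proto)
    e["dst"], rest = _take_address(rest)
    e["dst_port"], rest = _take_port(rest, proto)
    if rest and proto == "icmp":  # ICMP filters on message type/code, not on a port
        if rest[0] not in ICMP_MESSAGES:
            raise ValueError("unknown ICMP message %r" % rest[0])
        e["icmp"], rest = ICMP_MESSAGES[rest[0]], rest[1:]
    if rest:
        raise ValueError("unexpected tokens: " + " ".join(rest))
    return e
```

Feeding it the question's first line (no destination) raises "expected 'host <ip>' or 'any', got end of line", which is the same complaint IOS would make about an incomplete command.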