access list

Unanswered Question
Mar 25th, 2007
User Badges:

hi expert,

what is the purpose by adding stablisted in the access list ?

access-list 101 permit tcp any eq telnet host

access-list 101 permit tcp any eq telnet host establisthed

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Danilo Dy Sun, 03/25/2007 - 08:42
User Badges:
  • Blue, 1500 points or more

This is to permit any packets returning to a host from already establish connections. When the datagram has acknowledged (ACK) or reset (RST) bits set (indicating an established TCP session)

acbenny Sun, 03/25/2007 - 08:45
User Badges:

sorry, can you explain more ? i still not understand

Jon Marshall Sun, 03/25/2007 - 08:46
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN


The established keyword allows tcp traffic to pass if there is an ACK or RST flag in the packet. If there isn't then the packet will not match that line and will be checked against the rest of the access-list if there are any more entries.

Put simply by using the established keyword you are making sure that the connection has already been initiated and that you are allowing traffic that is part of an already established connection.

What your access-list line says is only allow traffic with a source port of 23 to go through to the host if the host host has already initiated the connection.




This Discussion