Carl,


Let me bring your attention to a specific part of the URL I posted:-



access-list 101 permit tcp host 10.1.1.2 host 172.16.1.1 eq telnet

access-list 101 permit tcp host 10.1.1.2 host 172.16.1.1

access-list 101 permit udp host 10.1.1.2 host 172.16.1.1

access-list 101 permit ip 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255



So now let's think about DNS - typically a DNS query is UDP port 53, right?


So in the URL I posted and the above capture of some of the post, in a typical extended access-list you specify:-


1) Permit or Deny

2) Layer 3 IP or Layer 4 TCP/UDP - there are more options...but for this we can forget about them

3) Source network or source host

4) Source tcp/udp port number

5) Destination network or destination host

6) Destination tcp/udp port number


I think the above explains it all.
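
The six fields listed in the post, applied to its quoted entries and to a DNS query (UDP port 53), as an added example that is not part of the original post. The Python function names, the treatment of the four quoted lines as a single ACL, and the `access-list 110` entry are assumptions made for illustration; only the `eq` port operator is handled.

```python
import ipaddress
PORT_NAMES = {"telnet": 23, "domain": 53}  # IOS port keywords used below

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def _addr(tok):
    """Fields 3 and 5: 'any', 'host A' or 'A WILDCARD' -> (base, wildcard)."""
    first = tok.pop(0)
    if first == "any":
        return (0, 0xFFFFFFFF)
    if first == "host":
        return (_ip(tok.pop(0)), 0)
    return (_ip(first), _ip(tok.pop(0)))

def _port(tok):
    """Fields 4 and 6: optional 'eq PORT'; None means any port."""
    if tok[:1] != ["eq"]:
        return None
    name = tok[1]
    del tok[:2]
    return PORT_NAMES.get(name) or int(name)

def parse_ace(line):
    tok = line.split()[2:]  # drop 'access-list <number>'
    ace = {"action": tok.pop(0), "proto": tok.pop(0)}  # fields 1 and 2
    ace["src"], ace["sport"] = _addr(tok), _port(tok)
    ace["dst"], ace["dport"] = _addr(tok), _port(tok)
    return ace

def _ip_ok(spec, ip):
    care = ~spec[1] & 0xFFFFFFFF  # wildcard bits set to 1 are ignored
    return (_ip(ip) & care) == (spec[0] & care)

def first_match(acl, proto, src, sport, dst, dport):
    for a, line in ((parse_ace(l), l) for l in acl):  # top-down, first hit wins
        if (a["proto"] in ("ip", proto)
                and _ip_ok(a["src"], src) and _ip_ok(a["dst"], dst)
                and a["sport"] in (None, sport) and a["dport"] in (None, dport)):
            return a["action"], line
    return "deny", "implicit deny"  # every IOS ACL ends with an implicit deny

# The four entries quoted in the post, treated as one list (assumption).
POST_ACL = [
    "access-list 101 permit tcp host 10.1.1.2 host 172.16.1.1 eq telnet",
    "access-list 101 permit tcp host 10.1.1.2 host 172.16.1.1",
    "access-list 101 permit udp host 10.1.1.2 host 172.16.1.1",
    "access-list 101 permit ip 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255",
]
# Constructed entry: DNS only, with the destination port (field 6) set.
DNS_ONLY = ["access-list 110 permit udp 10.1.1.0 0.0.0.255 host 172.16.1.1 eq domain"]
```

`first_match(DNS_ONLY, "udp", "10.1.1.7", 40000, "172.16.1.1", 53)` returns the permit entry, while the same flow to any other destination port falls through to the implicit deny.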
