ACL

anitachoi3 (Level 1)

Hi,

According to the config, I have two questions about the ACL:

1. The ACL in group C should be invalid, shouldn't it? The local traffic should not pass through the router.

2. For group E, what is the router behavior if the setting is "gt 1023"? Does the router change the port to 1024 for the 1st session, 1025 for the 2nd session, 1026 for the 3rd session, ...?

Rgds

R1

interface FastEthernet0/0.11

encapsulation dot1Q 11

ip address 192.168.1.1 255.255.255.0

!

interface FastEthernet0/0.14

encapsulation dot1Q 14

ip address 192.168.14.1 255.255.255.0

!

interface FastEthernet0/0.101

encapsulation dot1Q 101

ip address 192.168.101.1 255.255.255.0

!

interface FastEthernet1/0

ip address 192.168.2.1 255.255.255.0

ip access-group 153 out

speed 100

full-duplex

! group A

access-list 153 permit tcp 192.168.102.0 0.0.0.255 host 192.168.3.121

access-list 153 permit udp host 192.168.1.49 eq syslog host 192.168.2.121 gt 1023

access-list 153 permit tcp host 192.168.14.211 host 192.168.2.121

access-list 153 permit tcp host 192.168.15.221 host 192.168.3.121

!group B

access-list 153 permit tcp 192.168.0.0 0.0.255.255 gt 1023 host 192.168.2.121 eq 6400

access-list 153 permit tcp 192.168.0.0 0.0.255.255 eq 6400 host 192.168.2.121 gt 1023

!group C

access-list 153 permit tcp host 192.168.2.24 gt 1023 host 192.168.2.121 eq 6400

access-list 153 permit tcp host 192.168.2.24 eq 6400 host 192.168.2.121 gt 1023

!group D

access-list 153 permit tcp host 192.168.3.24 gt 1023 host 192.168.2.121 eq 6400

! group E

access-list 153 permit tcp host 192.168.3.24 eq 6400 host 192.168.2.121 gt 1023

!group F

access-list 153 permit tcp host 192.168.5.26 gt 1023 host 192.168.2.121 eq 6400

access-list 153 permit tcp host 192.168.5.26 eq 6400 host 192.168.2.121 gt 1023

access-list 153 permit tcp host 192.168.5.26 gt 1023 host 192.168.3.121 eq 6400

access-list 153 permit tcp host 192.168.5.26 eq 6400 host 192.168.3.121 gt 1023

access-list 153 permit tcp host 192.168.5.28 gt 1023 host 192.168.2.121 eq 6400

Accepted Solution

Istvan_Rabai (Level 7)

Hi Anita,

Group C:

In normal circumstances these types of packets do not cross the router.

This traffic is sourced on the 192.168.2.0/24 subnet and destined to the same subnet. So hosts on this subnet will speak to each other directly without passing through the router.

Group E:

gt 1023 means the ACL allows packets with destination port numbers greater than 1023.

It allows 1024, 1025, 1026, etc., but disallows 1023, 1022, 1021, etc.

Cheers,

Istvan
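The two points in the answer can be checked mechanically. The following is an added worked example, not code from the original thread: a small evaluator for numbered extended-ACL lines of the form quoted in the question (host / wildcard-mask address specs, the eq/gt/lt port operators, first-match order and the implicit deny at the end). It parses the question's groups A to E verbatim (group F is omitted as it adds nothing new), then shows that a 192.168.2.24 to 192.168.2.121 packet never reaches an ACL applied outbound on FastEthernet1/0, and that "gt 1023" is a comparison on the destination port (1024 and above match, 1023 does not), not a rewrite. The function `hits_outbound_acl`, the `NAMED_PORTS` table and the sample packets are assumptions constructed for the example; it also goes one step beyond the answer by showing that the group B wildcard lines already match the group E traffic, so the group E entry is shadowed and never the first match.

```python
"""Added example (not from the original post): evaluate Cisco extended-ACL lines
against constructed packets to illustrate the answer's two points."""
import ipaddress

# The question's access-list 153, groups A to E, copied verbatim; '!' comment
# lines are skipped exactly as the router would skip them.
ACL_153_TEXT = """
! group A
access-list 153 permit tcp 192.168.102.0 0.0.0.255 host 192.168.3.121
access-list 153 permit udp host 192.168.1.49 eq syslog host 192.168.2.121 gt 1023
access-list 153 permit tcp host 192.168.14.211 host 192.168.2.121
access-list 153 permit tcp host 192.168.15.221 host 192.168.3.121
!group B
access-list 153 permit tcp 192.168.0.0 0.0.255.255 gt 1023 host 192.168.2.121 eq 6400
access-list 153 permit tcp 192.168.0.0 0.0.255.255 eq 6400 host 192.168.2.121 gt 1023
!group C
access-list 153 permit tcp host 192.168.2.24 gt 1023 host 192.168.2.121 eq 6400
access-list 153 permit tcp host 192.168.2.24 eq 6400 host 192.168.2.121 gt 1023
!group D
access-list 153 permit tcp host 192.168.3.24 gt 1023 host 192.168.2.121 eq 6400
! group E
access-list 153 permit tcp host 192.168.3.24 eq 6400 host 192.168.2.121 gt 1023
"""

NAMED_PORTS = {"syslog": 514}  # assumption: only the keyword the question uses
PORT_OPS = {"eq": lambda p, n: p == n, "gt": lambda p, n: p > n, "lt": lambda p, n: p < n}


def _addr(tokens, i):
    """Parse 'any' | 'host A' | 'A WILDCARD' into (value, mask); a 1 bit in mask must match."""
    if tokens[i] == "any":
        return (0, 0), i + 1
    if tokens[i] == "host":
        return (int(ipaddress.IPv4Address(tokens[i + 1])), 0xFFFFFFFF), i + 2
    mask = ~int(ipaddress.IPv4Address(tokens[i + 1])) & 0xFFFFFFFF  # wildcard 1 = don't care
    return (int(ipaddress.IPv4Address(tokens[i])) & mask, mask), i + 2


def _port(tokens, i):
    """Parse an optional 'eq|gt|lt N' operator; None means any port."""
    if i < len(tokens) and tokens[i] in PORT_OPS:
        n = tokens[i + 1]
        return (tokens[i], NAMED_PORTS[n] if n in NAMED_PORTS else int(n)), i + 2
    return None, i


def parse_ace(line):
    """'access-list N action proto SRC [op] DST [op]' -> tuple of parsed fields."""
    t = line.split()
    action, proto = t[2], t[3]
    src, i = _addr(t, 4)
    sport, i = _port(t, i)
    dst, i = _addr(t, i)
    dport, i = _port(t, i)
    return (action, proto, src, sport, dst, dport)


ACL_153 = [parse_ace(l) for l in ACL_153_TEXT.strip().splitlines() if not l.startswith("!")]


def _match_addr(spec, ip):
    value, mask = spec
    return int(ipaddress.IPv4Address(ip)) & mask == value


def _match_port(spec, port):
    return spec is None or PORT_OPS[spec[0]](port, spec[1])


def evaluate(acl, proto, src, sport, dst, dport):
    """First matching entry wins; no match falls through to the implicit deny.
    Returns (action, index of the matching entry or None). Ports are only
    compared, never rewritten."""
    for idx, (action, p, s, sp, d, dp) in enumerate(acl):
        if (p == proto and _match_addr(s, src) and _match_port(sp, sport)
                and _match_addr(d, dst) and _match_port(dp, dport)):
            return action, idx
    return "deny", None


FA1_0 = ipaddress.IPv4Network("192.168.2.0/24")  # R1 FastEthernet1/0, 'ip access-group 153 out'


def hits_outbound_acl(src, dst, egress=FA1_0):
    """Assumption for the example: an outbound ACL only evaluates packets the
    router forwards out of that interface. In the normal case a host already on
    the egress subnet delivers to its neighbour directly at layer 2."""
    return ipaddress.IPv4Address(dst) in egress and ipaddress.IPv4Address(src) not in egress


if __name__ == "__main__":
    # Group C: same-subnet traffic that never reaches the ACL.
    print("2.24 -> 2.121 forwarded by R1:", hits_outbound_acl("192.168.2.24", "192.168.2.121"))
    # Group E: reply traffic from 192.168.3.24:6400 to an ephemeral port.
    for dport in (1023, 1024, 65535):
        print(dport, evaluate(ACL_153, "tcp", "192.168.3.24", 6400, "192.168.2.121", dport))
```

Running it shows destination port 1024 permitted (by group B's second line, index 5, which sits ahead of group E) and 1023 denied by the implicit deny; evaluating only the group C to E slice, `ACL_153[6:]`, gives the same permit/deny outcome with group E itself as the first match.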
