03-13-2009 07:25 PM - edited 03-04-2019 03:55 AM
Hi,
According to the config, I have two questions about the ACL:
1. The ACL in group C should be invalid, shouldn't it? The local traffic should not pass through the router.
2. For group E, what is the router behavior if the setting is "gt 1023"? Does the router change the port to 1024 for the 1st session, 1025 for the 2nd session, 1026 for the 3rd session, ...?
rdgs
R1
interface FastEthernet0/0.11
encapsulation dot1Q 11
ip address 192.168.1.1 255.255.255.0
!
interface FastEthernet0/0.14
encapsulation dot1Q 14
ip address 192.168.14.1 255.255.255.0
!
interface FastEthernet0/0.101
encapsulation dot1Q 101
ip address 192.168.101.1 255.255.255.0
!
interface FastEthernet1/0
ip address 192.168.2.1 255.255.255.0
ip access-group 153 out
speed 100
full-duplex
! group A
access-list 153 permit tcp 192.168.102.0 0.0.0.255 host 192.168.3.121
access-list 153 permit udp host 192.168.1.49 eq syslog host 192.168.2.121 gt 1023
access-list 153 permit tcp host 192.168.14.211 host 192.168.2.121
access-list 153 permit tcp host 192.168.15.221 host 192.168.3.121
!group B
access-list 153 permit tcp 192.168.0.0 0.0.255.255 gt 1023 host 192.168.2.121 eq 6400
access-list 153 permit tcp 192.168.0.0 0.0.255.255 eq 6400 host 192.168.2.121 gt 1023
!group C
access-list 153 permit tcp host 192.168.2.24 gt 1023 host 192.168.2.121 eq 6400
access-list 153 permit tcp host 192.168.2.24 eq 6400 host 192.168.2.121 gt 1023
!group D
access-list 153 permit tcp host 192.168.3.24 gt 1023 host 192.168.2.121 eq 6400
! group E
access-list 153 permit tcp host 192.168.3.24 eq 6400 host 192.168.2.121 gt 1023
!group F
access-list 153 permit tcp host 192.168.5.26 gt 1023 host 192.168.2.121 eq 6400
access-list 153 permit tcp host 192.168.5.26 eq 6400 host 192.168.2.121 gt 1023
access-list 153 permit tcp host 192.168.5.26 gt 1023 host 192.168.3.121 eq 6400
access-list 153 permit tcp host 192.168.5.26 eq 6400 host 192.168.3.121 gt 1023
access-list 153 permit tcp host 192.168.5.28 gt 1023 host 192.168.2.121 eq 6400
03-14-2009 12:08 AM
Hi Anita,
Group C:
In normal circumstances these types of packets do not cross the router.
This traffic is sourced on the 192.168.2.0/24 subnet and destined to the same subnet. So hosts on this subnet will speak to each other directly without passing through the router.
Group E:
gt 1023 means the ACL allows packets with destination port numbers greater than 1023.
Allows 1024, 1025, 1026...etc, but disallows 1023, 1022, 1021...etc.
Cheers:
Istvan
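As an added example (not code from the thread or from Cisco), a small Python model of how an extended ACL is evaluated: first match wins, "gt 1023" is a static comparison against the packet's port rather than a port the router assigns, and traffic between two hosts on the same directly connected subnet never reaches the outbound ACL on Fa1/0. The entries and connected subnets are copied from the question's config; the match index it returns also shows that group B's 192.168.0.0/16 entries already cover the later host-specific entries for 192.168.2.121.

```python
import ipaddress
# Constructed subset of the thread's access-list 153 (groups B, C and E), in their original order.
ACL_153 = """
access-list 153 permit tcp 192.168.0.0 0.0.255.255 gt 1023 host 192.168.2.121 eq 6400
access-list 153 permit tcp 192.168.0.0 0.0.255.255 eq 6400 host 192.168.2.121 gt 1023
access-list 153 permit tcp host 192.168.2.24 gt 1023 host 192.168.2.121 eq 6400
access-list 153 permit tcp host 192.168.3.24 eq 6400 host 192.168.2.121 gt 1023
"""
# R1's directly connected subnets, taken from the interface configuration in the question.
CONNECTED = [ipaddress.ip_network(n) for n in
             ("192.168.1.0/24", "192.168.14.0/24", "192.168.101.0/24", "192.168.2.0/24")]

def _addr(tok):
    """Consume 'host A' or 'A wildcard' (contiguous wildcard masks only) -> (network, rest)."""
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1]), tok[2:]
    return ipaddress.ip_network(f"{tok[0]}/{tok[1]}"), tok[2:]  # ipaddress accepts host masks

def _port(tok):
    """Consume an optional eq/gt/lt operator (numeric port); no operator means any port."""
    if tok and tok[0] in ("eq", "gt", "lt"):
        n = int(tok[1])
        return {"eq": lambda p: p == n, "gt": lambda p: p > n, "lt": lambda p: p < n}[tok[0]], tok[2:]
    return (lambda p: True), tok

def parse_acl(text):
    """Parse extended ACL lines into (action, proto, src, sport_pred, dst, dport_pred) tuples."""
    entries = []
    for line in text.strip().splitlines():
        t = line.split()
        if len(t) < 4 or t[0] != "access-list":
            continue
        src, rest = _addr(t[4:])
        sport, rest = _port(rest)
        dst, rest = _addr(rest)
        dport, _ = _port(rest)
        entries.append((t[2], t[3], src, sport, dst, dport))
    return entries

def evaluate(entries, proto, src, sport, dst, dport):
    """First matching entry wins; an unmatched packet hits the implicit deny at the end."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for i, (action, p, snet, sp, dnet, dp) in enumerate(entries):
        if p in (proto, "ip") and s in snet and sp(sport) and d in dnet and dp(dport):
            return action, i
    return "deny", None

def crosses_router(src, dst, connected=CONNECTED):
    """False when both hosts share a connected subnet: they talk directly and Fa1/0's ACL is never consulted."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return not any(s in net and d in net for net in connected)
```

A reply from 192.168.3.24:6400 to 192.168.2.121 is permitted for any destination port above 1023 and denied at 1023 or below, and it is matched by the group B entry before the group E entry is ever reached.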