ACL concept

gargaditya
Level 1

Hi all,

Regarding port numbers: how do we decide whether the port is on the source side or the destination side? Won't it be, for example, telnet communication on both sides?

access-list 101 deny tcp host 10.1.2.1 host 10.1.1.1 eq 23

How will it change, and what will it mean, if 23 is placed like this:

access-list 101 deny tcp host 10.1.2.1 eq 23 host 10.1.1.1

 

Really confused.

 

 

3 Replies

Seb Rupik
VIP Alumni

An extended ACL is always read as <source> <destination>.

 

Your first ACL will deny TCP traffic from the source host 10.1.2.1, originating on any port, to port 23 on host 10.1.1.1.

 

The second ACL will deny TCP traffic originating from port 23 on 10.1.2.1, destined to any port on 10.1.1.1.

 

The first ACL is the more typical.

 

cheers,

Seb.

Joseph W. Doherty
Hall of Fame

As Seb has already described, the first host/port is for source, the second for destination.

What might further confuse is which should be port 23. That depends on which host is the "server" and which host is the "client". Servers, for many/most services such as telnet, use a "well known" port on the server. This is so the "client" knows what port to use when contacting the server. The client's port might also be "well known" or dynamically assigned; which depends on the actual protocol.

I believe that the original poster believes that the same value is used for both source and destination when he says "won't it be, for example, telnet communication on both sides?"

 

It is very uncommon for the source port and the destination port to use the same value. As Joseph states, the client will frequently use some random high value port as the source and the well known value as the destination port when sending to the server. When sending a response, the server will typically use the well known port as the source and the random port as the destination.

 

HTH

 

Rick
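The point made across the three replies, as an added example that is not part of the original thread: a small Python model of how an extended ACL entry is read (source host and port first, then destination) and evaluated against TCP packets, first match wins with an implicit deny at the end. It compares the two "access-list 101" lines from the question against a constructed telnet session in both directions, and against a second constructed case in which 10.1.2.1 is the telnet server rather than the client. The addresses are the question's; the ephemeral client ports (49152, 51000), the trailing "permit ip any any", and the assumption that every packet shown actually passes through the interface and direction the ACL is applied to are assumptions of this example.

```python
"""
Added example, not part of the original thread: a minimal model of how a
Cisco extended ACL entry is evaluated against TCP packets, used to compare
the two 'access-list 101' lines from the question.  The packets below are
constructed sample data (the client ports 49152 and 51000 are assumptions).
"""
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Ace:
    """One access control entry, read left to right: source, then destination.
    None for an address means 'any'; None for a port means any port."""
    action: str
    proto: str
    src: Optional[str]
    sport: Optional[int]
    dst: Optional[str]
    dport: Optional[int]

    def matches(self, p: Packet) -> bool:
        def ok(want, got):
            return want is None or want == got
        return (self.proto in ("ip", "tcp")      # the sample packets are all TCP
                and ok(self.src, p.src) and ok(self.sport, p.sport)
                and ok(self.dst, p.dst) and ok(self.dport, p.dport))


def parse_ace(line: str) -> Ace:
    """Parse the subset of IOS syntax used in this thread:
    access-list <n> <permit|deny> <ip|tcp> <host A|any> [eq P] <host B|any> [eq Q]
    """
    tok = line.split()
    if tok[0] != "access-list":
        raise ValueError(line)
    action, proto = tok[2], tok[3]

    def endpoint(i):
        if tok[i] == "any":
            addr, i = None, i + 1
        elif tok[i] == "host":
            addr, i = tok[i + 1], i + 2
        else:
            raise ValueError("only 'host' and 'any' are handled: " + line)
        port = None
        if i < len(tok) and tok[i] == "eq":
            port, i = int(tok[i + 1]), i + 2
        return addr, port, i

    src, sport, i = endpoint(4)
    dst, dport, i = endpoint(i)
    return Ace(action, proto, src, sport, dst, dport)


def evaluate(acl: List[Ace], p: Packet) -> str:
    """First matching entry wins; every ACL ends with an implicit 'deny'."""
    for ace in acl:
        if ace.matches(p):
            return ace.action
    return "deny"


# The two entries from the question, each followed by an assumed catch-all permit.
ACL_A = [parse_ace("access-list 101 deny tcp host 10.1.2.1 host 10.1.1.1 eq 23"),
         parse_ace("access-list 101 permit ip any any")]
ACL_B = [parse_ace("access-list 101 deny tcp host 10.1.2.1 eq 23 host 10.1.1.1"),
         parse_ace("access-list 101 permit ip any any")]

# Constructed traffic.  Case 1: 10.1.2.1 is the telnet client, 10.1.1.1 the server.
CLIENT_SYN = Packet("10.1.2.1", 49152, "10.1.1.1", 23)      # client -> server
SERVER_REPLY = Packet("10.1.1.1", 23, "10.1.2.1", 49152)    # server -> client
# Case 2: roles reversed, 10.1.2.1 runs the telnet server and is answering 10.1.1.1.
REVERSED_SERVER_REPLY = Packet("10.1.2.1", 23, "10.1.1.1", 51000)


def decisions(acl: List[Ace]) -> dict:
    """Decision for each sample packet, assuming it traverses the ACL."""
    return {
        "client_syn": evaluate(acl, CLIENT_SYN),
        "server_reply": evaluate(acl, SERVER_REPLY),
        "reversed_server_reply": evaluate(acl, REVERSED_SERVER_REPLY),
    }


if __name__ == "__main__":
    print("ACL A (eq 23 on destination):", decisions(ACL_A))
    print("ACL B (eq 23 on source):     ", decisions(ACL_B))
```

With 10.1.2.1 as the client, only ACL A blocks the telnet connection: the client's SYN carries an ephemeral source port, so ACL B's "eq 23" on the source side never matches it and the session is permitted. ACL B only matches traffic leaving port 23 on 10.1.2.1, which is what you would see if 10.1.2.1 were the telnet server answering 10.1.1.1.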