Cisco Support Community
New Member

Access-List issue

Hi All

I have a doubt related to Access-list-

What would be the difference between the two statements written below, as in one they have mentioned any before "eq bgp" and in the second after "eq bgp":

1) access-list 131 permit tcp any any eq bgp

2) access-list 131 permit tcp any eq bgp any

Same query here-

access-list 131 permit udp 202.123.47.0 0.0.0.255 any eq 646

access-list 131 permit udp 202.123.37.0 0.0.0.255 eq 646 any

Regards

Anil K                  

4 REPLIES

Access-List issue

The first one is saying that the destination port should be bgp. IP addresses don't matter and neither does the source port.

The second one is saying that the source port should be bgp. IP addresses don't matter and neither does the destination port.

Kind Regards,

Kevin

Kind Regards, Kevin Sheahan, CCIE # 41349
New Member

Access-List issue

Hi Anil,

With your first access-list

access-list 131 permit tcp any any eq bgp

From any source address (A) to Destination Address (B) = BGP Port is allowed.....

In second Case

access-list 131 permit tcp any eq bgp any

For Source Address (A) BGP Port is allowed to = Destination Address (B) in any port.

I hope this will help you.

Bronze

Re: Access-List issue

The difference in the placement of the port has to do with whether it is related to the source or destination address. For instance, in your last example:

access-list 131 permit udp 202.123.47.0 0.0.0.255 any eq 646

The above statement says to allow UDP for source network 202.123.47.0/24 destined to any IP address, as long as the destination port is udp port 646.

access-list 131 permit udp 202.123.37.0 0.0.0.255 eq 646 any

This statement, on the other hand, says to allow UDP for a source network 202.123.37.0/24 with source udp port 646, destined to any IP on any port.

Hope this helps,

Matt
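
The port-placement rule described in the replies above, as an added example that is not part of any original post: a small Python matcher in which `eq` binds to the address immediately before it, checked against both directions of one BGP session. The function names (`parse`, `matches`) and the sample packets are constructed for illustration; only the ACL lines come from the thread.

```python
import ipaddress

PORT_NAMES = {"bgp": 179}  # IOS port keyword used in this thread

def _addr(tok):
    # Consume 'any' or 'address wildcard'; return ((base, wildcard), remaining tokens).
    if tok[0] == "any":
        return (0, 0xFFFFFFFF), tok[1:]
    base, wild = (int(ipaddress.IPv4Address(t)) for t in tok[:2])
    return (base, wild), tok[2:]

def _port(tok):
    # An optional 'eq <port>' belongs to the address that precedes it.
    if tok[:1] == ["eq"]:
        name = tok[1]
        return (PORT_NAMES[name] if name in PORT_NAMES else int(name)), tok[2:]
    return None, tok  # no port condition: any port matches

def parse(line):
    tok = line.split()
    ace = {"action": tok[2], "proto": tok[3]}
    rest = tok[4:]
    ace["src"], rest = _addr(rest)
    ace["sport"], rest = _port(rest)
    ace["dst"], rest = _addr(rest)
    ace["dport"], rest = _port(rest)
    return ace

def _ip_ok(spec, ip):
    base, wild = spec
    care = ~wild & 0xFFFFFFFF  # wildcard bits set to 1 are "don't care"
    return (int(ipaddress.IPv4Address(ip)) & care) == (base & care)

def matches(ace, proto, src, sport, dst, dport):
    return (ace["proto"] == proto
            and _ip_ok(ace["src"], src) and _ip_ok(ace["dst"], dst)
            and ace["sport"] in (None, sport)
            and ace["dport"] in (None, dport))

DST_BGP = parse("access-list 131 permit tcp any any eq bgp")
SRC_BGP = parse("access-list 131 permit tcp any eq bgp any")

# Constructed packets: one BGP session seen in both directions.
TO_SPEAKER = ("tcp", "192.0.2.1", 50000, "198.51.100.1", 179)
FROM_SPEAKER = ("tcp", "198.51.100.1", 179, "192.0.2.1", 50000)

if __name__ == "__main__":
    for name, ace in (("dst eq bgp", DST_BGP), ("src eq bgp", SRC_BGP)):
        print(name, matches(ace, *TO_SPEAKER), matches(ace, *FROM_SPEAKER))
```

The entry with `eq bgp` after the destination matches only the packet heading to port 179, and the entry with `eq bgp` after the source matches only the return packet, so which one is needed depends on the direction the ACL filters.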

New Member

Access-List issue

Many thanks All.....it's really helpful
