Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

IP any any ??

Hi ,

If i use "IP any any " then by default will TCP and UDP will also open automatically ? or do i have to specify that TCP and UDP have to be open too

regards

Neo

7 REPLIES
Hall of Fame Super Bronze

Re: IP any any ??

"ip any any" covers all tcp,udp ports

Blue

Re: IP any any ??

when you use 'access-list 101 IP permit....' that means the entire ip suite including TCP and UDP.

if you want only a TCP or UDP port, then you would specify 'access-list 101 tcp permit....' or 'access-list 101 udp permit ....'

please see this link for more ACL info:

http://www.cisco.com/en/US/products/ps6441/products_configuration_guide_chapter09186a0080716eba.html

New Member

Re: IP any any ??

You mean to say as i have open layer 3 (IP) then automatically TCP and UDP are opened.If i want to deny any of TCP or UDP then i have to specifically write a deny statement for that TCP or UDP , right ??

regards

Neo

Hall of Fame Super Bronze

Re: IP any any ??

Yes, correct !

However, the order is sequential so you must deny the tcp & udp ports before the permit ip any any command.

New Member

Re: IP any any ??

so opening of IP also include ICMP ?or do i have to specify for ICMP

regardsNeo

Hall of Fame Super Bronze

Re: IP any any ??

ip includes ICMP as well.

Re: IP any any ??

Yes, permitting IP will permit ICMP as well.

TCP, UDP & ICMP are all entities within IP. Either you can permit/deny them individually or permitting IP will permit all three protocols.

HTH,

Sundar

264
Views
4
Helpful
7
Replies