Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

Re: Access List question

Thanks in advance!!

Does any one know what is an alternative command to add an access list for NTP access from segment A to Segment B.? I have tried to use the NTP and port number and the IOS will not take the command.

"Access-list 100 permit udp x.x.x.x x.x.x.x host x.1.2.3.4 "123/ntp"

I have tried to "NTP" and port "123" and the CICSO IOS would not take it. I have the latest IOS will be posted below.

IOS (tm) C2600 Software (C2600-IK9S-M), Version 12.2(31), RELEASE SOFTWARE (fc2)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2005 by cisco Systems, Inc.

Compiled Thu 11-Aug-05 17:24 by tinhuang

Image text-base: 0x8000808C, data-base: 0x8128D9F4

Thanks...

3 REPLIES

Re: Re: Access List question

I'm sorry but you have the wrong syntax. The acl should look like this:

access-list 100 permit udp any host 1.2.4.5 eq ntp

The interesting point in this acl is after the first ip address. (any in this case) There you may choose between the following:

rtr(config)#access-l 100 permit udp any ?

A.B.C.D Destination address

any Any destination host

eq Match only packets on a given port number

gt Match only packets with a greater port number

host A single destination host

lt Match only packets with a lower port number

neq Match only packets not on a given port number

range Match only packets in the range of port numbers

This means that you may either specify a range of source ports or go on directly entering the destination. This implies all source ports.

And btw: all these xxxx; are you doing that because everybody does or do you really fear that you are giving away valuable info? No need to comment, just think about it.

Regards,

Leo

Silver

Re: Re: Access List question

I guess you forgot the EQ at the end of the list. Should look like that:

Access-list 100 permit udp x.x.x.x x.x.x.x host x.1.2.3.4 eq ntp

PLease rate if I could help,

Thanks,

Community Member

Re: Re: Access List question

Thank you!! I figured that out after a few minutes of going through the acl's. :)

Thanks again!

105
Views
0
Helpful
3
Replies
CreatePlease to create content