03-04-2003 07:56 PM - edited 02-20-2020 09:20 PM
Will these two commands have the same outcome or different outcomes?
For example, if I were to permit tftp traffic both ways, I could do
access-list 100 permit udp any any eq tftp or
access-list 100 permit udp any eq tftp any
Will these function differently or the same?
Thanks,
03-04-2003 10:45 PM
> access-list 100 permit udp any any eq tftp
The above implies that the destination port in the UDP packet is tftp (69).
> access-list 100 permit udp any eq tftp any
The above command implies that the source port in the UDP packet is tftp (69).
These two commands do different things. Depending on which direction (inbound or outbound) the access-list is applied on the interface, they will either allow the originating TFTP packets, or they'll allow the response TFTP packets.
03-11-2003 10:47 AM
Is the syntax for the second example valid? I thought extended access list syntax was:
access-list # permit/deny protocol source add mask destination add mask operand port
The second example puts the destination add. at the end of the command; is this valid?
03-11-2003 07:06 PM
The format of the ACL command is as follows:
acl # permit/deny prot
so
access-list 101 permit udp any eq tftp any
means the source port of the packet is tftp. By putting the "eq tftp" at the end of the line you're indicating this is the destination port in the packet. You can specify either or both or neither if you like, it depends on whether the packet you want to inspect is the initiator or the responder.
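The port placement discussed in this thread, as an added example that is not part of the original posts and not Cisco code: a small Python parser that attaches an `eq` operand to whichever address it follows, then checks constructed packets against both entries. The function names, the sample addresses and the restriction to the `eq` operator are assumptions made for the illustration.

```python
import ipaddress

PORTS = {"tftp": 69}  # the one named port used in this thread; others must be numeric

def _addr(tok):
    """Consume one address spec: 'any', 'host A', or 'A WILDCARD'."""
    if tok[0] == "any":
        return (0, 0xFFFFFFFF), tok[1:]
    if tok[0] == "host":
        return (int(ipaddress.IPv4Address(tok[1])), 0), tok[2:]
    base, wild = (int(ipaddress.IPv4Address(t)) for t in tok[:2])
    return (base, wild), tok[2:]

def _port(tok):
    """Consume an optional 'eq PORT' belonging to the address just parsed."""
    if tok and tok[0] == "eq":
        return PORTS.get(tok[1]) or int(tok[1]), tok[2:]
    return None, tok

def parse(line):
    """Parse: access-list N action proto SRC [eq PORT] DST [eq PORT]."""
    tok = line.split()
    if tok[0] != "access-list":
        raise ValueError("not an access-list line")
    ace = {"id": int(tok[1]), "action": tok[2], "proto": tok[3]}
    ace["src"], rest = _addr(tok[4:])
    ace["sport"], rest = _port(rest)   # 'eq' directly after the source address
    ace["dst"], rest = _addr(rest)
    ace["dport"], rest = _port(rest)   # 'eq' directly after the destination address
    if rest:
        raise ValueError(f"unparsed tokens: {rest}")
    return ace

def _ip_ok(spec, ip):
    base, wild = spec                  # wildcard bits set to 1 are "don't care"
    return (int(ipaddress.IPv4Address(ip)) | wild) == (base | wild)

def matches(ace, pkt):
    return (pkt["proto"] == ace["proto"]
            and _ip_ok(ace["src"], pkt["src"]) and _ip_ok(ace["dst"], pkt["dst"])
            and ace["sport"] in (None, pkt["sport"])
            and ace["dport"] in (None, pkt["dport"]))

# Constructed sample packets (documentation addresses, made-up ephemeral port).
TO_69 = {"proto": "udp", "src": "192.0.2.10", "sport": 50000, "dst": "198.51.100.5", "dport": 69}
FROM_69 = {"proto": "udp", "src": "198.51.100.5", "sport": 69, "dst": "192.0.2.10", "dport": 50000}
DST_RULE = parse("access-list 100 permit udp any any eq tftp")
SRC_RULE = parse("access-list 100 permit udp any eq tftp any")
```

Calling `matches(DST_RULE, TO_69)` and `matches(SRC_RULE, FROM_69)` returns `True`, while swapping the packets returns `False`, which is the difference the two entries make.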