Cisco Support Community
New Member

simple question

What is the difference in the following:

access-list 100 permit tcp any any a.b.c.d 0.0.0.255 w.x.y.z 0.0.0.255 eq 22

access-list 100 permit tcp a.b.c.d 0.0.0.255 w.x.y.z 0.0.0.255

My question is:

Does the 1st one allow only SSH traffic?

Does the 2nd one allow all traffic?

Can the 1st one be written as

access-list 100 permit tcp a.b.c.d 0.0.0.255 w.x.y.z 0.0.0.255 eq 22

1 REPLY
VIP Purple

Re: simple question

Your first line has the wrong syntax. It *has* to be written

access-list 100 permit tcp a.b.c.d 0.0.0.255 w.x.y.z 0.0.0.255 eq 22

Just think about what an ACE expects at which place. And with the given mask, "d" and "z" have to be "0".

After that correction, your assumptions are nearly right. The first line allows SSH between the two given subnets (or whatever runs on TCP/22 on the destination machine) while the second allows all TCP traffic, but nothing else (ICMP/UDP/GRE ...).

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
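The reply's two checks (each field in the position an ACE expects, and address bits zero wherever the wildcard mask has ones), as an added Python sketch that is not part of the original thread. It covers only the ACE forms shown on this page; `check_ace` is a hypothetical helper, and the 192.0.2.0 and 198.51.100.0 documentation addresses are constructed stand-ins for a.b.c.d and w.x.y.z.

```python
import ipaddress

PROTOCOLS = {"ip", "tcp", "udp", "icmp", "gre"}  # subset of IOS protocol keywords

def _addr(tok, i, role, problems):
    """Consume one address spec at tok[i]: 'any', 'host A' or 'A WILDCARD'."""
    if tok[i] == "any":
        return "any", i + 1
    if tok[i] == "host":
        return str(ipaddress.IPv4Address(tok[i + 1])), i + 2
    addr = int(ipaddress.IPv4Address(tok[i]))
    wild = int(ipaddress.IPv4Address(tok[i + 1]))
    if addr & wild:  # bits set in positions the wildcard mask ignores
        fixed = ipaddress.IPv4Address(addr & ~wild & 0xFFFFFFFF)
        problems.append(f"{role} {tok[i]} has bits set under wildcard {tok[i + 1]}; use {fixed}")
    return f"{tok[i]} {tok[i + 1]}", i + 2

def check_ace(line):
    """Return (summary, problems) for one numbered extended ACL entry."""
    tok, problems = line.split(), []
    try:
        number = int(tok[1])
        if tok[0] != "access-list" or not (100 <= number <= 199 or 2000 <= number <= 2699):
            return None, ["not a numbered extended ACL"]
        action, proto = tok[2], tok[3]
        if action not in ("permit", "deny") or proto not in PROTOCOLS:
            return None, [f"unexpected action/protocol: {action} {proto}"]
        src, i = _addr(tok, 4, "source", problems)
        dst, i = _addr(tok, i, "destination", problems)
    except (IndexError, ValueError) as exc:
        return None, [f"cannot parse entry: {exc}"]
    port = "any port"
    if proto in ("tcp", "udp") and tok[i:i + 1] == ["eq"] and len(tok) > i + 1:
        port, i = f"port {tok[i + 1]}", i + 2
    if i < len(tok):  # anything left over sits where the ACE expects nothing
        problems.append(f"unexpected trailing tokens: {' '.join(tok[i:])}")
    return f"{action} {proto} from {src} to {dst}, destination {port}", problems

# Constructed sample entries mirroring the three forms discussed in the thread.
SAMPLES = [
    "access-list 100 permit tcp any any 192.0.2.0 0.0.0.255 198.51.100.0 0.0.0.255 eq 22",
    "access-list 100 permit tcp 192.0.2.0 0.0.0.255 198.51.100.0 0.0.0.255 eq 22",
    "access-list 100 permit tcp 192.0.2.17 0.0.0.255 198.51.100.0 0.0.0.255",
]

if __name__ == "__main__":
    for entry in SAMPLES:
        summary, problems = check_ace(entry)
        print(entry, "->", summary, problems or "OK")
```

In the first sample the two `any` keywords fill the source and destination slots, so the subnets that follow are reported as trailing tokens. The third sample shows the wildcard-mask alignment problem the reply mentions.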

