New Member

Access-list

Hi expert,

With the attached diagram, if I want to permit the access-list to initiate an SSH session from the PC to 192.168.1.2, which access list is right?

1) access-list 101 permit tcp any eq 22 host 192.168.1.2

2) access-list 101 permit tcp any 192.168.1.2 eq 22

5 REPLIES
New Member

Re: Access-list

2

New Member

Re: Access-list

You're close with access-list # 2 above, but it needs to be:

access-list 101 permit tcp any host 192.168.1.2 eq 22

- bec

New Member

Re: Access-list

I see, how about access-list #1?

It is just that any host can make a session with the destination port, which is TCP port 22, to host 192.168.1.2. Is it also right?

New Member

Re: Access-list

With SSH, the client binds to a "random" TCP high port, which you cannot predict. So your ACL #1 above would not match at all, as you're specifying that the clients are bound to 22/tcp.

It is the _server_ that is bound to 22/tcp, which is what you match on, thus #2.
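
The port-matching point in the reply above, as an added example (not part of the thread and not Cisco code): a small Python evaluator for `access-list` entries, run against a constructed SSH packet. The client address 10.1.1.10 and source port 51514 are assumed sample values; only `any`, `host`, address/wildcard and numeric `eq` are handled.

```python
import ipaddress

def parse_addr(tok):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D WILDCARD'; return ((base, wildcard), rest)."""
    if tok[0] == "any":
        return (0, 0xFFFFFFFF), tok[1:]
    if tok[0] == "host":
        return (int(ipaddress.IPv4Address(tok[1])), 0), tok[2:]
    return (int(ipaddress.IPv4Address(tok[0])), int(ipaddress.IPv4Address(tok[1]))), tok[2:]

def parse_port(tok):
    """Consume an optional 'eq N'; None means the entry does not restrict the port."""
    if tok[:1] == ["eq"]:
        return int(tok[1]), tok[2:]
    return None, tok

def parse_ace(line):
    """Parse: access-list N permit|deny PROTO SRC [eq SPORT] DST [eq DPORT]."""
    tok = line.split()
    if tok[0].lower() != "access-list" or tok[2] not in ("permit", "deny"):
        raise ValueError("unsupported entry: " + line)
    src, rest = parse_addr(tok[4:])
    sport, rest = parse_port(rest)   # a port right after the source is the SOURCE port
    dst, rest = parse_addr(rest)
    dport, rest = parse_port(rest)   # a port after the destination is the DESTINATION port
    if rest:
        raise ValueError("trailing tokens: " + " ".join(rest))
    return {"action": tok[2], "proto": tok[3], "src": src, "sport": sport,
            "dst": dst, "dport": dport}

def addr_match(ip, spec):
    base, wild = spec                # wildcard bits set to 1 are "don't care"
    keep = ~wild & 0xFFFFFFFF
    return int(ipaddress.IPv4Address(ip)) & keep == base & keep

def evaluate(acl_lines, pkt):
    """First matching entry wins; no match falls through to the implicit deny."""
    for ace in map(parse_ace, acl_lines):
        if (ace["proto"] == pkt["proto"]
                and addr_match(pkt["src"], ace["src"]) and ace["sport"] in (None, pkt["sport"])
                and addr_match(pkt["dst"], ace["dst"]) and ace["dport"] in (None, pkt["dport"])):
            return ace["action"]
    return "deny"

# Constructed packet: SSH client on an ephemeral source port connecting to the server on 22.
SSH_SYN = {"proto": "tcp", "src": "10.1.1.10", "sport": 51514, "dst": "192.168.1.2", "dport": 22}
ACL_1 = "access-list 101 permit tcp any eq 22 host 192.168.1.2"      # option 1 from the question
ACL_FIXED = "access-list 101 permit tcp any host 192.168.1.2 eq 22"  # corrected form from the reply
```
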

New Member

Re: Access-list

Then is this pattern correct?

Access-list 101 permit tcp/udp [source ip address][source ip address's destination port][destination ip address][destination ip's destination port]
