The difference is that in the 2nd one, the source port must be 80 (www) to match. It makes a bit more sense when you see it as the port number:
10 permit tcp 10.1.1.0 0.0.0.255 eq 80 any So, this will match any packet with a source of 10.1.1.0/24 and port 80, to any other TCP traffic. -Jim ----- Original Message ----- From: khalid aljorf To: [email protected] Sent: Saturday, January 26, 2008 6:11 AM Subject: [OSL | CCIE_RS] ACL Q Greetings R&S what is the different between the following entries in an extended name access list: 10 permit tcp 10.1.1.0 0.0.0.255 any eq www 10 permit tcp 10.1.1.0 0.0.0.255 eq www any i mean the position of "any eq www" and " eq www any"???? thnx
