If you look at the access list, the first "any" is the SOURCE host - you could restrict access to users with a specific ip address or a range on ip addresses, the second "any" is the destination address, the same rules apply. The reason you can specify is for a situation like mine. I have one WWW server in my internal network. I only want WWW requests to be able to hit that server. So my access list looks like this "access-list 101 permit tcp any host 209.206.xxx.xxx eq www". (notice the HOST keyword, then you don't have to use a subnet mask)
The last half of the access list command, the "eq" means equivalent - what you are actually permitting is a tcp connection on port 80 (the www equivalent). If you needed access to a specific port (for instance, you have an IRC server that uses port 6667) you can say "eq 6667" for that specific port. All others will be blocked.
Mike
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
[EMAIL PROTECTED]
Sent: Thursday, May 18, 2000 12:31 PM
To: [EMAIL PROTECTED]
Subject: A little unsure...
Hey Group,
This may take a little space so if you don't have much time just close it out. I am writing the CCNA in 4 days. My question is on the topic of Access-lists. I know them very well and am not worried about them on the test. My questions are geared more towards fully understanding them for being in the field. Here we go...
For example:
access-list 101 permit tcp any any eq www
To me this is saying to permit anything leading with a www. I am wondering more on the syntax. Why are there 2 any's? Is it using 2 so it can say any tcp and any www? Why dont they just write .......permit tcp any eq www?
another is:
access-list 101 permit IP any any
I have no clue why they use 2 any's on this one. If I used only 1 would it not work?
I generally know my stuff but I process things better when I can totally digest them. If this is a waste of your time I apologise but I just wanted to clear my head on this. Thanks so much guys/ladies, ~Mark Z.~
___________________________________
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
