Re: ********* Access List Enquiry **************

[Sam LI]

Well, In any circumstance, whatever device who generate traffic to any target, this device will use the port number greater than 1023 as the "From port #" and the "destination port #" will be specific like "80" or "53" etc... when the target device receive this packet, it will swap their "form port #" to "destination port #" and vica versa so the example 1 and example 2 are exactly the same. As far as your example concern, your access list is for incoming traffic.   Sam Li ========= GNOME <[EMAIL PROTECTED]> wrote in message 8tk0jn$e29$[EMAIL PROTECTED]">news:8tk0jn$e29$[EMAIL PROTECTED]... > Hi All > > Which one of the access-list is normally use? > > Example 1 > --------------- > access-list 102 permit tcp any host 172.16.0.1 eq 80 > access-list 102 permit tcp any host 172.16.0.1 eq 53 > > > Example 2 > --------------- > access-list 102 permit tcp any gt 1023 host 172.16.0.1 eq 80 > access-list 102 permit tcp any gt 1023 host 172.16.0.1 eq 53 >                                             (notice the gt 1023) > > I saw from most of the books that Example 1 is common. I don't know what is > the normal practice generally > Appreciate if anyone can share with me his/her comments. Thanks alot > > Regards > Orion > [EMAIL PROTECTED] > > > > > _________________________________ > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]