Remember the OSI model. IP can have multiple higher level protocols running over it. So IP uses protocol numbers to identify the higher level protocol that it should send the data to. If you do a deny ? on a router you will see all the different protocols (eigrp, gre, icmp, ospf, pim, tcp, udp). Once the IP layer passes the packet up to the transport layer the layer 4 protocol has to know which application to send the data to. So the TCP protocol will send traffic on port 80 to the web server and traffic to port 25 to the smtp server.
Layer 7 - Application
Layer 6 - Presentation
Layer 5 - Session
Layer 4 - Transport

> Hi Anil,
>
> Sometimes it's scary posting to this group. =)
>
> To answer your question,
> if you don't have the permit IP any any command, there is an implicit deny rule
> at the end of an access-list, which will drop all traffic that you have not
> allowed through the access-list.
>
> The other two deny statements are dropping netbios port 139 and something
> that uses port 6666.
>
> Hope this helps.
>
> Scott
>
> -----Original Message-----
> From: Anil Gupte [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, February 21, 2002 7:59 PM
> To: [EMAIL PROTECTED]
> Subject: Access Lists are a bit mystifying [7:36164]
>
>
> Hi All!
>
> I watch this list occasionally (when I have time). This is my first post
> to this list, so be kind. :p)
>
> In the access list below:
> **************
> conf t
> int ethernet0/0
> no ip access-list extended secure2
> ip access-list extended secure2
> deny tcp any any eq 6666
> deny tcp any any eq 139
> permit ip any any
>
> int ethernet0/0
> ip access-group secure2 out
> ip access-group secure2 in
>
> exit
> wr
> **************
> Why is it that you need to deny TCP and permit IP? Or did I not do this
> right?
>
> Thanx,
> Anil Gupte

Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=36233&t=36164
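The first-match and implicit-deny behaviour discussed in this thread, as an added example that is not part of any poster's message: a small Python evaluator for the quoted `secure2` entries. It handles only the `any any [eq port]` forms used in that list, treats `eq` as a destination-port match, and the function names and sample packets are constructed for illustration.

```python
# Added illustration: first-match evaluation of the extended ACL from the thread.
# Well-known IP protocol numbers for the keywords a router offers after "deny ?".
IP_PROTO = {"icmp": 1, "tcp": 6, "udp": 17, "gre": 47,
            "eigrp": 88, "ospf": 89, "pim": 103}

SECURE2 = """
deny tcp any any eq 6666
deny tcp any any eq 139
permit ip any any
"""

def parse_ace(line):
    """Parse '<action> <proto> any any [eq <port>]' into (action, proto, port)."""
    tok = line.split()
    if len(tok) not in (4, 6) or tok[2:4] != ["any", "any"]:
        raise ValueError(f"unsupported entry: {line!r}")
    action, proto, port = tok[0], tok[1], None
    if action not in ("permit", "deny") or (proto != "ip" and proto not in IP_PROTO):
        raise ValueError(f"unsupported entry: {line!r}")
    if len(tok) == 6:
        # Port matching only makes sense for the layer 4 protocols that have ports.
        if tok[4] != "eq" or proto not in ("tcp", "udp"):
            raise ValueError(f"unsupported entry: {line!r}")
        port = int(tok[5])
    return action, proto, port

def parse_acl(text):
    return [parse_ace(l) for l in text.strip().splitlines() if l.strip()]

def evaluate(acl, proto_num, dst_port=None):
    """Return (action, matching entry). Entries are tested top down; first match wins."""
    for action, proto, port in acl:
        # 'ip' matches every IP protocol number; a named protocol must match exactly.
        if proto != "ip" and IP_PROTO[proto] != proto_num:
            continue
        if port is not None and port != dst_port:
            continue
        suffix = f" eq {port}" if port is not None else ""
        return action, f"{action} {proto} any any{suffix}"
    # Nothing matched: the implicit deny at the end of every access list applies.
    return "deny", "implicit deny"

if __name__ == "__main__":
    acl = parse_acl(SECURE2)
    # Constructed sample packets: (description, IP protocol number, destination port)
    samples = [("TCP/139", 6, 139), ("TCP/80", 6, 80), ("UDP/139", 17, 139), ("ICMP", 1, None)]
    for name, proto_num, port in samples:
        print(f"{name:8} -> {evaluate(acl, proto_num, port)}")
```

Removing the last entry from `SECURE2` and re-running shows every sample falling through to the implicit deny, which is why the list needs `permit ip any any`.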