Agreed. They do have a way to map additional ports to
the pre-defined services though. So for telnet for
example you can add port 233, 2333, etc so when you
specify 'telnet' in an ACL (or similar list) it
matches port 23, 233, and 2333. 

What's weird is I was looking at this yesterday, and
for some ACL stuff the keyword is http and for other
stuff it is www. I'm sure there's other keywords that
mean the same as others but that's the one I noticed.
Then again I don't think port-map matches up to all the ACL
keywords, I think it matches up against some other
security features. I've used it for telnet in ACLs
though with no problems in the past.

I guess consistency with port #s and service names
would be a good thing. Maybe it would be nice if they
didn't hardcode these in IOS but referenced a services
file on the flash that could be editable like in most
OS's. I think this may happen... it seems they are
starting to clean up IOS and get rid of old protocols
and modularize stuff so it uses similar syntax. MQC
for example.

--- Priscilla Oppenheimer wrote:
> You're assuming IOS is a modern operating system or something akin to a data
> dictionary or programming language. It's not. :-) If the IOS engineers
> include keywords in the command line interface, then you can use them. If
> they don't, you can't.
>
> Your idea sounds like a good one though. You could suggest it to Cisco, but
> I don't think they could easily accommodate such a change in philosophy.
>
> Priscilla
>
> Munit Singla wrote:
> >
> > Hi,
> > There default ports given in the IOS. We can use both to refer those
> > ports by names as well as port numbers. Can we customize it and to the
> > default list ports by names not by numbers. Or I want to use it use
> > customized ports used for my applications by names in my access list.
> > Is there any command to create customized ports by Name.
> > See what my problem is when we make an extended access lists we can
> > define source and destination ports. There is standard list of ports
> > there to be used in access list that we can use by number or name. If we
> > want to customize the port according to our default application we can
> > add that port by number only. Is there a way to refer those ports by
> > names in my access list. And can we add these customized TCP/UDP ports in
> > the default list which is displayed, so that we can refer it when ever
> > we like in our access-lists by name.
> > Example:
> > access-list 100 permit tcp any any eq Nortonvirus
> > Here Nortonvirus keyword should refer to the port 5000. And this name
> > and port mapping should get added to the default list so that I can
> > refer later. Here I am assuming nortons application is using port number
> > 5000.
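
The named-port idea discussed in this thread can be handled off the router, shown here as an added example that is not part of the original messages and not an IOS feature: a Python preprocessor that expands names from a services-style file into port numbers before the ACL is pasted into the configuration. The file contents, the `backupagent` entry, the keyword subset and the function names are assumptions made for illustration.

```python
# Constructed sample in /etc/services layout: name, port/protocol, optional comment.
SERVICES = """\
# custom application ports (constructed sample)
nortonvirus   5000/tcp   # port assumed in the original question
nortonvirus   5000/udp
backupagent   6101/tcp   # hypothetical second application
"""

# Small subset of keywords IOS already accepts after a port operator; left untouched.
IOS_KEYWORDS = {"telnet", "www", "smtp", "ftp", "domain"}
# Port operator -> number of operands that follow it.
OPERATORS = {"eq": 1, "neq": 1, "gt": 1, "lt": 1, "range": 2}

def load_services(text):
    """Parse services-style text into {(name, protocol): port}."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        name, spec = line.split()[:2]
        port, proto = spec.split("/")
        table[(name.lower(), proto.lower())] = int(port)
    return table

def expand_acl(line, table):
    """Replace custom service names after a port operator with port numbers."""
    tokens = line.split()
    proto = None
    for i, tok in enumerate(tokens[:-1]):     # protocol follows permit/deny
        if tok in ("permit", "deny"):
            proto = tokens[i + 1].lower()
            break
    i = 0
    while i < len(tokens):
        count = OPERATORS.get(tokens[i], 0)
        for j in range(i + 1, min(i + 1 + count, len(tokens))):
            name = tokens[j]
            if name.isdigit() or name.lower() in IOS_KEYWORDS:
                continue                      # already something IOS understands
            key = (name.lower(), proto)
            if key not in table:              # typo or wrong protocol: fail loudly
                raise ValueError(f"no {proto} port defined for service {name!r}")
            tokens[j] = str(table[key])
        i += count + 1
    return " ".join(tokens)

if __name__ == "__main__":
    print(expand_acl("access-list 100 permit tcp any any eq Nortonvirus",
                     load_services(SERVICES)))
```

Failing on an unknown name or a protocol mismatch keeps a misspelled service from silently producing an ACL entry that matches the wrong traffic.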


