Hello - can anyone tell me what difference it makes using access-list 101 permit tcp or access-list 101 permit ip? TIA. I asked my tutor, who said it makes no difference.
- posted
17 years ago
"access-list 101 permit tcp " won't permit udp
"access-list 101 permit ip" permits both tcp and udp services
Aubrey
Wow, your tutor says it makes no difference? Very bad tutor...
Remember the OSI model?
layer5 BGP
layer4 TCP, UDP
layer3 IP, OSPF
layer2 ethernet, Frame_relay, etc
layer1 physics
If you say "permit IP", you permit any layer 'above and including the IP layer'. So, that would mean you permit any IP protocol (TCP, UDP, ESP, AH, etc)
If you say "permit TCP", you permit any layer 'above and including the TCP layer'. So, that would mean you permit any TCP protocol (BGP, telnet, HTTP, etc). But you will not permit UDP, ESP, DOMAIN, TFTP, etc.
In short IP includes TCP, TCP does not include IP.
FW
Look at what protocols each of those applications use. Do they use 'tcp' or 'udp'? With DNS are you interested in 'queries' (which use udp) or zone transfers (which use tcp)? Though Windows will also use tcp for queries if it has many to send.
BernieM
OSPF sits on top of IP - protocol nr 89.
Another lousy tutor that makes me feel so sorry for his students.
Here is an example, so you can tell the difference:
Global mode:
access-l 101 deny tcp any "ip address" eq 25
access-l 101 permit ip any any

Interface:
ip access-group 101 in (out)
Notice that 25 is a TCP port
The Dude
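The difference the replies above describe, as an added example that is not part of any post in the thread: a simplified first-match evaluator run over the posted ACL and over a "permit tcp" only ACL. It assumes entries of the form `permit|deny <proto> any <any | host A.B.C.D> [eq <port>]`; the address 192.0.2.25 is constructed and stands in for the post's "ip address" placeholder.

```python
# Added example: simplified first-match evaluation of extended ACL entries.
import ipaddress

# ACL protocol keywords and their IP protocol numbers; "ip" matches all of them.
PROTO = {"icmp": 1, "tcp": 6, "udp": 17, "esp": 50, "ospf": 89}

def parse_ace(line):
    """Parse 'permit|deny <proto> any <any | host A.B.C.D> [eq <port>]'."""
    tok = line.split()
    action, proto, src, rest = tok[0], tok[1], tok[2], tok[3:]
    if action not in ("permit", "deny") or src != "any":
        raise ValueError("unsupported entry: " + line)
    if proto != "ip" and proto not in PROTO:
        raise ValueError("unknown protocol keyword: " + proto)
    if rest[0] == "host":
        dst, rest = ipaddress.ip_address(rest[1]), rest[2:]
    elif rest[0] == "any":
        dst, rest = None, rest[1:]
    else:
        raise ValueError("unsupported destination: " + line)
    port = int(rest[1]) if rest[:1] == ["eq"] else None
    return action, proto, dst, port

def evaluate(acl, proto, dst, dport=None):
    """Return the action of the first matching entry, else the implicit deny."""
    pkt_dst = ipaddress.ip_address(dst)
    for line in acl:
        action, ace_proto, ace_dst, ace_port = parse_ace(line)
        if ace_proto != "ip" and ace_proto != proto:
            continue  # a "tcp" entry never matches a udp or icmp packet
        if ace_dst is not None and ace_dst != pkt_dst:
            continue
        if ace_port is not None and ace_port != dport:
            continue
        return action
    return "deny"  # every ACL ends with an implicit deny

MAIL = "192.0.2.25"  # constructed address standing in for the post's "ip address"
ACL_THREAD = ["deny tcp any host " + MAIL + " eq 25", "permit ip any any"]
ACL_TCP_ONLY = ["permit tcp any any"]

if __name__ == "__main__":
    for name, acl in (("thread ACL", ACL_THREAD), ("permit tcp only", ACL_TCP_ONLY)):
        for proto, port in (("tcp", 25), ("tcp", 80), ("udp", 53), ("icmp", None)):
            print(name, proto, port, "->", evaluate(acl, proto, MAIL, port))
```

With the "permit tcp" only ACL, the UDP and ICMP packets fall through to the implicit deny, which is the practical difference between the two statements.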
Thanks guys- I have a little more Ledge now.
Yes, I typed too quickly. I know that. I tried to make clear that there is a difference between permit ip and permit tcp.
FW
He is badly wrong. The first will only permit tcp, the second will permit UDP and ICMP as well.
TCP/IP model has 4 layers:

Application
Host-to-Host
Internet
Network Access

OSI Model has 7 layers:

Application
Presentation
Session
Transport
Network
Data Link (which has 2 sublayers: LLC and MAC)
Physical
The Dude
TCP/IP                   OSI
                         Application   \
Application -----------  Presentation   > Handled by the application/software
                         Session       /
Transport -------------> Transport
Internetwork ----------> Network
Network Interface -----  Data Link     \ Handled by the NIC (network interface card)
                         Physical      /
Thanks for that - clarification is essential
Good information
BernieM wrote:
Thanks for that guys, but I still don't understand why it matches layers 3-7 - can you dumb it down a little please?
There's no reason. TCP/IP predates ISO's OSI model quite a bit. OSI model was just a twinkle in someone's eyes when TCP/IP was up and running.
OSI is DEAD DEAD DEAD DEAD. It's a completely dead model and is only useful for passing idiotic tests that insist on testing dead technology that is of no use.
So just memorize the OSI model and move on. Dump the knowledge after you take the test. DOD Model (tcp/ip) is more than adequate for troubleshooting, thinking logically etc.
So is it just a Cisco question? I am sure I read another test where it said it matched different layers? Fair enough, thanks for the heads up.
Everyone uses it. I had it show up on every test I ever took (Novell, MS, CNX, Sniffer, CCNx/IE etc. etc... ad nauseam)
Really quite annoying...to tell you the truth! :)