We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now! Here is Why:

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You've Ever Spent on Your Cisco Career!
  • Full Access to our 641 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)


386 New Members signed up the last 30 days!


100% Satisfaction Guaranteed!
You may cancel your monthly membership at any time.
No Questions Asked!

Tags: ,

Forum Replies

  1. Hi Rene,

    One quick question, why do you need to specify: Robocop(config)#access-list 100 deny ip any any log
    when at the end of every access list there is the invisible deny command.

    Any clarification would be greatly appreciated.


    P.S. Keep up the good work.

  2. Hey… that’s really helpful…thnx so much…keep up the good work!

  3. Hi Srini,

    Let’s take a look at the different IP options:

    R1(config-ext-nacl)#permit ip any any ?
      dscp        Match packets with given dscp value
      fragments   Check non-initial fragments
      log         Log matches against this entry
      log-input   Log matches against this entry, including input interface
      option      Match packets with given IP Options value
      precedence  Match packets with given precedence value
      reflect     Create reflexive access list entry
      time-range  Specify a time-range
      tos         Match packets with given TOS value
      ttl         Ma
    ... Continue reading in our forum

  4. Hi William,

    That’s correct.

    If you use “permit tcp any any eq telnet” then it will only match traffic that has destination port 23. In your example, it will match >

    The return traffic will be >, the source port will be 23 and the destination port is 12345.


  5. Hello Helen

    When you create an access list, and you do not apply it anywhere, it actually does nothing. In order for it to function, you must apply it to an interface and a direction. The interface you choose and the direction you choose will directly affect the results. Let’s say you have the following topology:

    **SW1**--------(Fe0/1) R (Fe0/2)----------SW2

    And you have the subnet connected to SW1 and the 172.16.108/24 subnet connected to SW2. Let’s call these Network A and Network B respectively.

    Now, the access list you have created is co

    ... Continue reading in our forum

31 more replies! Ask a question or join the discussion by visiting our Community Forum