We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now! Here is Why:

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You've Ever Spent on Your Cisco Career!
  • Full Access to our 588 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)


312 New Members signed up the last 30 days!


100% Satisfaction Guaranteed!
You may cancel your monthly membership at any time.
No Questions Asked!

Tags: ,

Forum Replies

  1. Hi Rene,

    In your example

    access-list 100 permit tcp host eq 80
    this will allow only tcp traffic with port no 80 from to
    no where you allowed telnet traffic(port 23) then how telnet is successful.

  2. andrew says:

    You are right that telnet traffic, by default, is port 23. However, telnet will run on any port you tell it to. In the lesson, Rene told telnet to use port 80 with the following command

    telnet 80 /source-interface loopback 0

    Using telnet in this way to probe whether a port is open is a very useful trick that network admins use all the time in troubleshooting/verification.

  3. Hi Rene,

    The lesson is really great. Thank you very much for it.

    I configured the network discussed. But changed loopback of R2 with another network behind R2. The access list was configured in the "out" interface of R2 to prevent all traffic except the http traffic from loopback of R1 to reach the network which replaced the loopback of R2. As expected it filters the traffic from R1 and allows http traffic from loopback of R1. To my surprise the traffic generated in R2 irrespective of it being http or ping is not filtered by the access list eventhough it is configured in the "out" interface of R2. Wonder how this can be explained.

    Thank you in advance.


  4. Hi Rene,

    Thanks for your very nice article ...
    I want to know what about the command "ip prefix-list " . It is used to classify/select traffic. Want to know more about this . Thx

    I didn't understand the Andrew statement .........

    ip access-list extended ACL_TELNET-CLIENT-2-SERVER
    permit tcp host <CLIENT> host <SERVER> eq 23 [Can't understand the syntax ]


  5. mgtube says:

    Hi Rene,

    Have you tackled “lock-and-key” or dynamic ACLs anywhere ? I’ve looked around and haven’t found anything but I might have missed something.

    If not will you address this at some point ?

    Thanks in advance for you reply !

24 more replies! Ask a question or join the discussion by visiting our Community Forum