Hi there,
I'm trying to validate the building of a tool for managing Cisco ACL commands.
The thing is, I'm using the aclcheck syntax validator (I don't own Cisco equipment) with the following command to check:
access-list 101 permit udp host 192.10.05.233 EQ 80 host 225.193.43.235 EQ 80
My previous question helped me to correct errors in my tool, but as far as I've researched, this command should be right. A source host, source port, destination host and destination port filter, right?
OBS: Don't bother about the addresses, they are just hypothetical; my tool only has to generate Cisco commands in the right syntax.
Regards,
-
The syntax is valid; however, this access-list will rarely be useful. You typically just want to specify the destination port, as requests will use a random source port for each connection. Try this:
access-list 101 permit udp host 192.10.05.233 host 255.193.43.235 eq 80
That will allow connections with any source port with a destination port of 80.
As far as not having any Cisco equipment, if you can get your hands on an IOS image you can emulate it with GNS3: http://www.gns3.net/
jaderanderson : Yeah, I know... weird that the syntax checker doesn't get it :S. Thanks for the tip about GNS3... that would be an awesome addition for demonstrating my project... too bad I've got no time left for this. Final presentation is Saturday. Are you sure my command runs on IOS then? It is what I need to know so I can defend my project. Thanks again!
Jason Berg : That command is perfectly valid
From Jason Berg
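A check that a generator tool could run on its own output before the commands reach a device, added here as an example and not part of the original thread or of aclcheck. It assumes only a subset of the extended ACL grammar (numbers 100-199, tcp/udp, `host` addresses, optional `eq` port); the names `check_acl` and `valid_ipv4` are hypothetical, and tolerating leading zeros in octets is an assumption.

```python
import re

# Assumed subset: numbered extended ACL, tcp/udp, "host <addr>" on both sides,
# optional "eq <port>" after each address. Keywords are matched case-insensitively.
ACL_RE = re.compile(
    r"^access-list\s+(?P<num>\d+)\s+(?P<action>permit|deny)\s+(?P<proto>tcp|udp)"
    r"\s+host\s+(?P<src>\S+)(?:\s+eq\s+(?P<sport>\d+))?"
    r"\s+host\s+(?P<dst>\S+)(?:\s+eq\s+(?P<dport>\d+))?\s*$",
    re.IGNORECASE,
)

def valid_ipv4(addr):
    """Exactly four decimal octets, each 0-255 (leading zeros tolerated: assumption)."""
    parts = addr.split(".")
    return len(parts) == 4 and all(
        p.isascii() and p.isdigit() and int(p) <= 255 for p in parts)

def check_acl(line):
    """Return (errors, warnings) for one generated ACL line."""
    m = ACL_RE.match(line.strip())
    if not m:
        return (["not in the host/eq form this example handles"], [])
    errors, warnings = [], []
    if not 100 <= int(m["num"]) <= 199:
        errors.append("ACL number %s is outside 100-199" % m["num"])
    for side in ("src", "dst"):
        if not valid_ipv4(m[side]):
            errors.append("%s address %r is not four octets of 0-255" % (side, m[side]))
    for side in ("sport", "dport"):
        if m[side] is not None and int(m[side]) > 65535:
            errors.append("%s %s is above 65535" % (side, m[side]))
    if m["sport"] is not None:
        warnings.append("source port is pinned; clients usually pick a random one")
    return (errors, warnings)

if __name__ == "__main__":
    samples = [
        # Command from the question: valid form, but pins the source port.
        "access-list 101 permit udp host 192.10.05.233 EQ 80 host 225.193.43.235 EQ 80",
        # Constructed: destination port only, as the answer recommends.
        "access-list 101 permit udp host 192.10.05.233 host 225.193.43.235 eq 80",
        # Constructed: five-octet address and a standard-ACL number.
        "access-list 99 permit udp host 10.1.2.3.4 host 10.0.0.1 eq 80",
    ]
    for s in samples:
        print(s, "->", check_acl(s))
```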