3 Comments on “Which of the following rules would accomplish this task?”

1. Duncan says:

   May 1, 2015 at 11:28 pm

   Not sure about answer “F”…since DNS is using TCP port 53 (answer “D”)

   
   
   
   0

   
   
   
   0
2. Geo says:

   May 7, 2015 at 5:27 pm

   DNS request on 53/UDP and zone transfer on 53/TCP

   
   
   
   0

   
   
   
   0
3. Marcus Vincent says:

   February 28, 2016 at 9:27 pm

   Please excuse me for this simple question

   I am confused about extended ACLS when we use (permit|deny) for Protocol IP,TCP,UDP on an access list

   I have 2 Examples below

   1. access-list 102 permit tcp any 192.168.10.10

   OR

   access-list 102 permit ip any 192.168.10.10

   2. access-list 103 deny tcp any 192.168.20.10

   OR

   access-list 103 deny ip any 192.168.20.10

   Q1. In example 1 i am permiting TCP and IP protocol from any to 192.168.10.10

   My Question what is difference does it make if we either use TCP or IP in a permit acccess-list ie ( what is the meaning of using IP or TCP) and what impact does it have?

   Q2 Same goes for the access-list 103 what is difference in using TCP or IP in Deny statement and waht impact does it have?

   Q3. If iwant to block or permit traddic through access-list should i use IP or TCP in the Protocol field of access-list

   My confusion is about IP,TCP and UDP. ANSWER:

   Everything is included under IP.

   TCP, UDP, ICMP for examples are all under IP.

   Q1. If you configure IP, that would already include TCP, hence, you do not need to configure TCP anymore if you already configure IP.

   Q2. “deny tcp” will only deny TCP protocol, eg: telnet, smtp, http, while “deny IP” will include everything (TCP, UDP, ICMP proctocol), eg: telnet, smtp, http, dns, icmp, snmp, etc.

   Q3. If you would like to deny everything, you should use “IP” instead of “TCP” only.

   Hope that helps.

   
   
   
   0

   
   
   
   0