I believe that the ACL Version will only match traffic in one direction where as the second one would work either direction.
For the ACL to match either direction it would need to look like this: access-list 101 permit tcp any any eq 3389 access-list 101 permit tcp any eq 3389 any access-list 102 permit tcp any any eq 22 access-list 102 permit tcp any eq 22 any access-list 102 permit tcp any any eq telnet access-list 102 permit tcp any eq telnet any I'd be interested in the take on this from others but that's my $.02 worth. -Mike ------------------------------ Message: 3 Date: Mon, 19 Oct 2009 04:32:52 -0700 (PDT) From: Aung Phyo Lwin <[email protected]> Subject: [OSL | CCIE_RS] Custom que list To: [email protected] Message-ID: <[email protected]> Content-Type: text/plain; charset="utf-8" Hi, What will be the difference between these 2 configurations? access-list 101 permit tcp any any eq 3389 access-list 102 permit tcp any any eq 22 access-list 102 permit tcp any any eq telnet queue-list 1 protocol ip 1 queue-list 1 protocol ip 2 list 101 queue-list 1 protocol ip 3 list 102 queue-list 1 protocol arp 4 queue-list 1 protocol cdp 5 queue-list 1 default 6 ========================================= queue-list 1 protocol ip 2 tcp 3389 queue-list 1 protocol ip 3 tcp telnet queue-list 1 protocol ip 3 tcp 22 queue-list 1 protocol arp 4 queue-list 1 protocol cdp 5 queue-list 1 protocol ip 1 queue-list 1 default 6 ========================================== Regards, Phyo New Email addresses available on Yahoo! Get the Email name you've always wanted on the new @ymail and @rocketmail. Hurry before someone else does! http://mail.promotions.yahoo.com/newdomains/aa/ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://onlinestudylist.com/pipermail/ccie_rs/attachments/20091019/fc8908f1/a ttachment-0001.htm _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
