
March 13th, 2018 13:00

6224 running-config does not show L4 port of ace

Where is the L4 port detail of an ACE saved on my 6224?

show ip access-list acldom5

Rule Number: 2
Action......................................... permit
Match All...................................... FALSE
Protocol....................................... 17(udp)
Source IP Address.............................. 172.16.5.0
Source IP Mask................................. 0.0.0.255
Destination IP Address......................... 172.16.0.1
Destination IP Mask............................ 0.0.255.0
Destination L4 Port Keyword.................... 53(domain)

show running-config

access-list acldom5 permit udp 172.16.5.0 0.0.0.255 172.16.0.1 0.0.255.0 eq domain

5 Practitioner

274.2K Posts

March 14th, 2018 11:00

Port 53 is Domain Name System (DNS). In the ACE this is set by either specifying eq 53 or eq domain. Both accomplish the same outcome.

Here are the options available to the eq portion of the ACE:

[Image: 6224 ace eq.png]

If this ACE is in the running config, then the L4 port of the ACE will load and be the same as it currently is.

Is there something specific you are wanting to achieve? Or just gathering information? 

5 Practitioner

274.2K Posts

March 14th, 2018 10:00

The "eq" portion of the ACE denotes the port. 

"eq — Equal. Refers to the Layer 4 port number being used as match criteria. The first reference is source match criteria, the second is destination match criteria."

Page 210: http://dell.to/1SbCIzR

 

18 Posts

March 14th, 2018 10:00

Thanks for the info. I get that the "eq" portion of the ACE denotes the port but the "eq" for the ACE in my running-config is simply "eq domain" as shown. I am expecting "eq 53". This appears to be truncated to me.

If I reset my 6224 to factory and then load my saved running-config the L4 port of ACE would be missing. No?

18 Posts

March 14th, 2018 13:00

Perfect. My confusion started when port number 53 entered was changed to port type domain in the running-config. No problem now that I know port type domain is DNS.

Thank you for making it clear.
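The equivalence the thread settles on can be checked mechanically when auditing a saved configuration against the live rule. The following is an added example, not part of the original thread or of Dell's documentation: it parses the running-config line and the `show ip access-list` output quoted above and compares them with port keywords resolved to numbers. The function names are hypothetical, only `domain` = 53 comes from the thread, and the other keyword mappings are assumptions.

```python
import re

# Only domain=53 is from the thread; other keywords are assumed (IANA ports).
PORT_KEYWORDS = {"domain": 53, "http": 80, "smtp": 25, "telnet": 23, "tftp": 69}

# Both samples are copied from the thread.
RUNNING_CONFIG = "access-list acldom5 permit udp 172.16.5.0 0.0.0.255 172.16.0.1 0.0.255.0 eq domain"
SHOW_OUTPUT = """\
Action......................................... permit
Protocol....................................... 17(udp)
Source IP Address.............................. 172.16.5.0
Source IP Mask................................. 0.0.0.255
Destination IP Address......................... 172.16.0.1
Destination IP Mask............................ 0.0.255.0
Destination L4 Port Keyword.................... 53(domain)
"""

def port_number(token):
    """Resolve 'domain', '53' or '53(domain)' to an integer port."""
    m = re.fullmatch(r"(\d+)(?:\(\w+\))?", token.strip())
    return int(m.group(1)) if m else PORT_KEYWORDS[token.strip().lower()]

def parse_config_ace(line):
    """Parse 'access-list NAME ACTION PROTO SRC MASK [eq P] DST MASK [eq P]'."""
    t = line.split()
    if len(t) < 8 or t[0] != "access-list":
        raise ValueError("not an extended ACE line (the 'any' form is not handled)")
    ace, i = {"action": t[2], "protocol": t[3]}, 4
    for side in ("src", "dst"):
        ace[side], ace[side + "_mask"], ace[side + "_port"] = t[i], t[i + 1], None
        i += 2
        if i + 1 < len(t) and t[i] == "eq":  # first eq is source, second is destination
            ace[side + "_port"], i = port_number(t[i + 1]), i + 2
    return ace

def parse_show_rule(text):
    """Parse the dotted 'Field..... value' lines of show ip access-list."""
    kv = dict(re.findall(r"^(.+?)\.{2,} *(\S+) *$", text, re.M))
    return {"action": kv["Action"],
            "protocol": re.sub(r"^\d+\((\w+)\)$", r"\1", kv["Protocol"]),
            "src": kv["Source IP Address"], "src_mask": kv["Source IP Mask"],
            "dst": kv["Destination IP Address"], "dst_mask": kv["Destination IP Mask"],
            "dst_port": port_number(kv["Destination L4 Port Keyword"])}

def same_rule(config_line, show_text):
    """True when the saved line matches the live rule on every displayed field."""
    cfg = parse_config_ace(config_line)
    return all(cfg[k] == v for k, v in parse_show_rule(show_text).items())
```

A saved line that really had lost its `eq` clause would make `same_rule` return False, which is the failure the original question was worried about.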
