6224 running-config does not show L4 port of ace
Where is the L4 port detail of an ACE saved on my 6224?
show ip access-list acldom5
Rule Number: 2
Action......................................... permit
Match All...................................... FALSE
Protocol....................................... 17(udp)
Source IP Address.............................. 172.16.5.0
Source IP Mask................................. 0.0.0.255
Destination IP Address......................... 172.16.0.1
Destination IP Mask............................ 0.0.255.0
Destination L4 Port Keyword.................... 53(domain)
show running-config
access-list acldom5 permit udp 172.16.5.0 0.0.0.255 172.16.0.1 0.0.255.0 eq domain
Anonymous
5 Practitioner
March 14th, 2018 11:00
Port 53 is Domain Name System (DNS). In the ACE this is set by either specifying eq 53 or eq domain. Both accomplish the same outcome.
Here are the options available to the eq portion of the ACE:
If this ACE is in the running config, then the L4 port of the ACE will load and be the same as it currently is.
Is there something specific you are wanting to achieve? Or just gathering information?
Anonymous
5 Practitioner
March 14th, 2018 10:00
The "eq" portion of the ACE denotes the port.
"eq — Equal. Refers to the Layer 4 port number being used as match criteria. The first reference is source match criteria, the second is destination match criteria."
Page 210: http://dell.to/1SbCIzR
gjaltemba
March 14th, 2018 10:00
Thanks for the info. I get that the "eq" portion of the ACE denotes the port but the "eq" for the ACE in my running-config is simply "eq domain" as shown. I am expecting "eq 53". This appears to be truncated to me.
If I reset my 6224 to factory and then load my saved running-config the L4 port of ACE would be missing. No?
gjaltemba
March 14th, 2018 13:00
Perfect. My confusion started when port number 53 entered was changed to port type domain in the running-config. No problem now that I know port type domain is DNS.
Thank you for making it clear.
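The equivalence settled in this thread (a rule typed with a numeric port is saved as "eq domain"), shown as an added example that is not part of any post above: a small audit helper that normalizes ACE lines so a saved running-config can be compared against the rules as they were intended. The keyword-to-port table and the function names are assumptions made for the example (IANA well-known port numbers), since the switch's own keyword list is not reproduced in the thread.

```python
import re

# Assumption: keyword names mapped to IANA well-known ports. The switch's own
# keyword list is not reproduced in the thread.
PORT_KEYWORDS = {"domain": 53, "echo": 7, "ftp": 21, "ftpdata": 20, "http": 80,
                 "smtp": 25, "snmp": 161, "telnet": 23, "tftp": 69, "www": 80}
PROTOCOLS = {"icmp": 1, "igmp": 2, "tcp": 6, "udp": 17}

# Covers the address/mask form shown in the thread, with optional "eq" ports.
ACE_RE = re.compile(
    r"access-list\s+(?P<name>\S+)\s+(?P<action>permit|deny)\s+(?P<proto>\S+)"
    r"\s+(?P<src>\S+)\s+(?P<smask>\S+)(?:\s+eq\s+(?P<sport>\S+))?"
    r"\s+(?P<dst>\S+)\s+(?P<dmask>\S+)(?:\s+eq\s+(?P<dport>\S+))?\s*$")


def resolve(token, table):
    """Keyword or decimal string -> number (KeyError if unknown); None stays None."""
    if token is None:
        return None
    return int(token) if token.isdigit() else table[token.lower()]


def normalize_ace(line):
    """Parse one ACE into a tuple in which keywords are replaced by numbers."""
    m = ACE_RE.match(line.strip())
    if m is None:
        raise ValueError(f"not a recognised ACE: {line!r}")
    g = m.groupdict()
    return (g["name"], g["action"], resolve(g["proto"], PROTOCOLS),
            g["src"], g["smask"], resolve(g["sport"], PORT_KEYWORDS),
            g["dst"], g["dmask"], resolve(g["dport"], PORT_KEYWORDS))


def missing_from_running(intended, running):
    """Return intended ACEs that have no equivalent line in the running-config."""
    have = {normalize_ace(l) for l in running if l.startswith("access-list")}
    return [l for l in intended if normalize_ace(l) not in have]


# Constructed input: the rule as it would be typed with a numeric port ...
INTENDED = ["access-list acldom5 permit udp 172.16.5.0 0.0.0.255 "
            "172.16.0.1 0.0.255.0 eq 53"]
# ... and the line from the thread's "show running-config" output.
RUNNING = ["access-list acldom5 permit udp 172.16.5.0 0.0.0.255 "
           "172.16.0.1 0.0.255.0 eq domain"]

print(missing_from_running(INTENDED, RUNNING))  # [] : the port was not lost
```

A plain text diff of the two lines would flag a change here; comparing the normalized tuples only reports rules whose match criteria really differ.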