
ACL Does Not Permit Traffic When TCP Port is Specified but Allows Traffic When All IP permitted

Symptoms
  • Telnet from 203.0.113.250 to 10.0.10.2 is denied when the ACL entry specifies the TCP port:
permit tcp host 203.0.113.250 host 10.0.10.2 eq 23
  • With no port specified, it works:
permit ip host 203.0.113.250 host 10.0.10.2
Environment
S-Series
Cause
Telnet uses port 23 as the destination when initiating the conversation, and the server replies to a random port on the client. The ACL was applied inbound; therefore, the ACL had no permit for the outbound Telnet conversation.
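The port asymmetry described in the Cause, as an added example (not code from the original article or the vendor): a stateless first-match evaluation of the port-specific entry against both halves of a Telnet conversation. The parser covers only the entry shapes shown in Symptoms plus an optional source-port `eq`; the ephemeral port 49152, the return-direction entry, and the implicit deny at the end of the list are assumptions.

```python
import ipaddress
from typing import NamedTuple

class Packet(NamedTuple):
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

def parse_entry(line):
    """Parse 'permit|deny tcp|ip host A [eq P] host B [eq P]' (these shapes only)."""
    tok = line.split()
    action, proto, i, ends = tok[0], tok[1], 2, []
    for _ in range(2):
        if i + 1 >= len(tok) or tok[i] != "host":
            raise ValueError(f"unsupported entry: {line!r}")
        addr = str(ipaddress.ip_address(tok[i + 1]))  # rejects malformed addresses
        i, port = i + 2, None
        if i + 1 < len(tok) and tok[i] == "eq":
            port, i = int(tok[i + 1]), i + 2
        ends.append((addr, port))
    if i != len(tok):
        raise ValueError(f"trailing tokens in entry: {line!r}")
    return action, proto, ends[0], ends[1]

def matches(entry, pkt):
    _, proto, (src, sport), (dst, dport) = entry
    if proto != "ip" and proto != pkt.proto:   # 'ip' matches any IP protocol
        return False
    if (src, dst) != (pkt.src, pkt.dst):
        return False
    return sport in (None, pkt.sport) and dport in (None, pkt.dport)

def evaluate(acl, pkt):
    """First matching entry wins; no match means deny (assumed implicit deny)."""
    for line in acl:
        entry = parse_entry(line)
        if matches(entry, pkt):
            return entry[0]
    return "deny"

CLIENT, SERVER, EPHEMERAL = "203.0.113.250", "10.0.10.2", 49152  # port is constructed
request = Packet("tcp", CLIENT, EPHEMERAL, SERVER, 23)  # client -> server, dport 23
reply = Packet("tcp", SERVER, 23, CLIENT, EPHEMERAL)    # server -> client, sport 23
PAGE_ACL = ["permit tcp host 203.0.113.250 host 10.0.10.2 eq 23"]
RETURN_ENTRY = "permit tcp host 10.0.10.2 eq 23 host 203.0.113.250"  # hypothetical

if __name__ == "__main__":
    print("request:", evaluate(PAGE_ACL, request))
    print("reply:", evaluate(PAGE_ACL, reply))
    print("reply with return entry:", evaluate(PAGE_ACL + [RETURN_ENTRY], reply))
```

A return entry that matches on source port 23 is stateless: it admits any TCP segment from that host with source port 23, not only replies to an established session.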
Resolution
Apply the ACL in both directions:
interface vlan.0.1
ip address 203.0.113.1 255.255.255.0
ip access-group 101 in
ip access-group 101 out