Access-list: combine TCP and UDP ?

Discussion in 'Cisco' started by JF Mezei, Aug 23, 2009.

  1. JF Mezei

    JF Mezei Guest

    say I have:

    access-list 101 deny tcp any any eq 53
    access-list 101 deny udp any any eq 53


    Is there a way to combine this into a single entry in the access list ?
    Seems wasteful to have to duplicate access list entries to cover both
    TCP and UDP accesses.
     
    JF Mezei, Aug 23, 2009
    #1

  2. JF Mezei

    Uli Link Guest

    No.
     
    Uli Link, Aug 23, 2009
    #2

  3. JF Mezei

    Trendkill Guest

    Hmmm....you can deny ip any any, so I would try:

    access-list 101 deny ip any any eq 53

    Never tried it....let me know if it works.
     
    Trendkill, Aug 23, 2009
    #3
  4. JF Mezei

    Uli Link Guest

    Nope, that's what I tested on IOS 12.4 mainline just before my reply,
    and the "eq" wasn't available.
     
    Uli Link, Aug 23, 2009
    #4
  5. JF Mezei

    Trendkill Guest

    Good call, did not think of it that way. Written a ton of ACLs over
    the years, but never really thought about ip vs. a specific protocol
    in terms of the modifiers. Thx.
     
    Trendkill, Aug 24, 2009
    #5
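
Added example, not part of the thread: because a port match needs separate tcp and udp entries, an ACL can end up filtering port 53 on only one of the two protocols. This Python check flags port operators used with a non-TCP/UDP protocol and reports one-sided port 53 rules; the function name `audit_acl`, the simplified grammar (only `any` and `host` addresses) and the sample lines are assumptions made for this illustration.

```python
import re

# Simplified grammar (assumption) for numbered extended ACL entries:
#   access-list <num> <action> <proto> <src> <dst> [<op> <port>]
# Only "any" and "host A.B.C.D" address forms are recognised.
ADDR = r"(?:any|host\s+\S+)"
ACE = re.compile(
    rf"^access-list\s+(\d+)\s+(permit|deny)\s+(\S+)\s+({ADDR})\s+({ADDR})"
    r"(?:\s+(eq|neq|lt|gt)\s+(\S+))?\s*$"
)

def audit_acl(lines, dual_ports=("53", "domain")):
    """Return (errors, gaps).
    errors: (line, reason) for entries that do not parse or that put a
            port operator on a protocol other than tcp/udp.
    gaps:   (acl, action, src, dst, op, port, missing_proto) for ports in
            dual_ports that are matched on only one of tcp/udp."""
    errors, seen = [], {}
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("!"):
            continue  # blank line or IOS comment
        m = ACE.match(line)
        if not m:
            errors.append((line, "unparsed"))
            continue
        acl, action, proto, src, dst, op, port = m.groups()
        if op and proto not in ("tcp", "udp"):
            errors.append((line, "port operator needs tcp or udp"))
        elif op and port in dual_ports:
            seen.setdefault((acl, action, src, dst, op, port), set()).add(proto)
    gaps = [key + (({"tcp", "udp"} - seen[key]).pop(),)
            for key in sorted(seen) if len(seen[key]) == 1]
    return errors, gaps

# Constructed sample input: ACL 101 covers both protocols, ACL 102 only UDP.
SAMPLE = [
    "access-list 101 deny tcp any any eq 53",
    "access-list 101 deny udp any any eq 53",
    "access-list 101 deny ip any any eq 53",
    "access-list 102 deny udp any any eq 53",
    "access-list 102 permit ip any any",
]

if __name__ == "__main__":
    errs, gaps = audit_acl(SAMPLE)
    for line, reason in errs:
        print(f"ERROR {reason}: {line}")
    for g in gaps:
        print(f"GAP acl {g[0]}: {g[1]} {g[2]} {g[3]} {g[4]} {g[5]} has no {g[6]} entry")
```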