Access-lists for IP protocols other than TCP/UDP/ICMP

Discussion in 'Cisco' started by PJML, Jul 17, 2003.

  1. PJML

    PJML Guest

    I may need to develop access-lists to permit protocols
    other than the usual TCP/UDP/ICMP streams. Given that
    I know the IP protocol-number(s) in the headers of the
    streams I want to permit, just what would be the
    access-list syntax for this? I can see access-lists
    that handle the classic TCP port-number stuff, but
    nothing on protocol-number.

    -PJML.
     
    PJML, Jul 17, 2003
    #1

  2. Put the protocol number in place of the protocol name, e.g.

    access-list 101 permit 50 any host 192.168.10.20
     
    Barry Margolin, Jul 17, 2003
    #2

  3. :I may need to develop access-lists to permit protocols
    :other than the usual TCP/UDP/ICMP streams. Given that
    :I know the IP protocol-number(s) in the headers of the
    :streams I want to permit, just what would be the
    :access-list syntax for this? I can see access-lists
    :that handle the classic TCP port-number stuff, but
    :nothing on protocol-number.

    Put in the protocol number instead of 'ip', 'tcp', or 'udp' or 'icmp'. e.g.,

    access-list 103 permit 51 host 12.7.8.12 host 89.54.20.196
     
    Walter Roberson, Jul 17, 2003
    #3
  4. PJML

    PJML Guest

    Excellent! Thanks!

    -PJML.
     
    PJML, Jul 17, 2003
    #4
  5. PJML

    db Guest

    You just put in the protocol number where you would put
    "tcp" or "udp". For example, to permit all TCP and all
    ip protocol 27 packets, use

    access-list 141 permit tcp any any
    access-list 141 permit 27 any any
     
    db, Jul 17, 2003
    #5
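
Added example, not written by any poster in this thread: a small Python model of how the entries quoted above are matched, with first match winning and the implicit deny at the end of every list. The function names are illustrative, and only the `any` and `host` address forms used in the thread are handled.

```python
import ipaddress

# Protocol keywords and their IP protocol numbers; "ip" matches every protocol.
KEYWORDS = {"icmp": 1, "tcp": 6, "udp": 17}
ANY = ipaddress.ip_network("0.0.0.0/0")

def take_addr(tokens):
    """Consume 'any' or 'host A.B.C.D' from the front of the token list."""
    word = tokens.pop(0)
    if word == "any":
        return ANY
    if word == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    raise ValueError(f"unsupported address form: {word}")

def parse_ace(line):
    """Parse 'access-list N permit|deny PROTO SRC DST' into a tuple."""
    tokens = line.split()
    if len(tokens) < 6 or tokens[0] != "access-list":
        raise ValueError(f"not an extended ACL entry: {line!r}")
    action, proto = tokens[2], tokens[3]
    if action not in ("permit", "deny"):
        raise ValueError(f"unknown action: {action}")
    if proto == "ip":
        number = None                      # wildcard: any protocol
    elif proto in KEYWORDS:
        number = KEYWORDS[proto]
    else:
        number = int(proto)                # numeric form, as in the thread
        if not 0 <= number <= 255:
            raise ValueError(f"protocol number out of range: {number}")
    rest = tokens[4:]
    src, dst = take_addr(rest), take_addr(rest)
    if rest:
        raise ValueError("port and option qualifiers are not handled here")
    return action, number, src, dst

def evaluate(acl_lines, proto, src, dst):
    """Return 'permit' or 'deny' for a packet; the first matching entry wins."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for line in acl_lines:
        action, number, s, d = parse_ace(line)
        if number in (None, proto) and src_ip in s and dst_ip in d:
            return action
    return "deny"                          # implicit deny at the end of the list

# Entries copied from the posts above.
ACL_101 = ["access-list 101 permit 50 any host 192.168.10.20"]
ACL_141 = ["access-list 141 permit tcp any any",
           "access-list 141 permit 27 any any"]
```

With list 141, a protocol 17 (UDP) packet falls through both entries and is dropped by the implicit deny, so every protocol a stream depends on needs its own entry.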