General Networking/Lan/Wan/Question on Routers entry
Expert: Ketan Kashikar - 7/10/2007
Question
Dear Sir,
I'm an engineering student in India... The question below was asked in last year's paper and I could not get the answer because the subject has no practical... So please answer this question... This is not homework that I want to ask...
What is the role of following entry in access list of router:-
(1) access list 101 deny icmp any any 8
(2) access list 101 permit 192.168.11.12.0.0.255 any 8
(3) access list 101 deny icmp any any 13
(4) access list 101 permit 192.168.11.12.0.0.255 any 13
(5) access list 101 deny icmp any 17
Answer
Hello Shubham,
1, 3 and 5 are ICMP access lists, and the syntax description for them is as below:
Internet Control Message Protocol (ICMP)
access-list access-list-number [dynamic dynamic-name [timeout minutes]] {deny | permit} icmp source source-wildcard destination destination-wildcard [icmp-type [icmp-code] | [icmp-message]] [precedence precedence] [tos tos] [log | log-input] [time-range time-range-name] [fragments]
In the above syntax, the words mentioned in [] are optional parameters and the words mentioned in {} are compulsory parameters. In each of them there are various options to choose from, depending upon the condition, which are separated by "|".
-----------------------------------------------------------
Access lists 2 and 4 are IP access lists, and the syntax description for them is as below:
IP
access-list access-list-number [dynamic dynamic-name [timeout minutes]] {deny | permit} protocol source source-wildcard destination destination-wildcard [precedence precedence] [tos tos] [log | log-input] [time-range time-range-name] [fragments]
In the above syntax, the words mentioned in [] are optional parameters and the words mentioned in {} are compulsory parameters. In each of them there are various options to choose from, depending upon the condition, which are separated by "|".
-----------------------------------------------------------
Now, coming back to your examples, the description for the given access lists will be as below:
1. access list 101 deny icmp any any 8
-- access list is used as the command
-- 101 is the extended access list no
-- deny is to specify what the access list will do
-- icmp is to mention the type of access list
-- 1st any is used to specify from any source
-- 2nd any is used to specify from any destination
-- 8 is the precedence no indicating after which access list this access list will be placed.
2. access list 101 permit 192.168.11.12.0.0.255 any 8
-- access list is used as the command
-- 101 is the extended access list no
-- permit is to specify what the access list will do
-- 192.168.11.12 0.0.0.255 is the source IP address and the wild card mask.
-- any is used to specify from any destination
-- 8 is the precedence no indicating after which access list this access list will be placed.
The rest of the access lists will be similar in nature.
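
The five entries from the question, read field by field against the two syntax forms quoted in the answer, where a bare number after the destination sits in the icmp-type position of the ICMP form and has no position in the IP form. This is an added example, not part of the original answer and not Cisco code; the function names are hypothetical and the ICMP type names are taken from the IANA ICMP registry.

```python
import re

# ICMP type names per the IANA ICMP registry (only the types used on this page).
ICMP_TYPES = {8: "echo request", 13: "timestamp request", 17: "address mask request"}
PROTOCOLS = {"ip", "icmp", "tcp", "udp"}
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

def take_address(tokens, problems, role):
    """Consume 'any' or 'address wildcard'; on failure drop one unreadable token."""
    if tokens and tokens[0] == "any":
        return tokens.pop(0)
    if len(tokens) >= 2 and IPV4.match(tokens[0]) and IPV4.match(tokens[1]):
        return tokens.pop(0) + " " + tokens.pop(0)
    problems.append(role + " missing or malformed")
    if tokens and not tokens[0].isdigit() and tokens[0] != "any":
        tokens.pop(0)
    return None

def parse_ace(line):
    """Map one extended ACL entry onto the fields of the quoted syntax."""
    tokens = line.lower().replace("access list", "access-list").split()
    if len(tokens) < 3 or tokens[0] != "access-list" or not tokens[1].isdigit():
        return {"problems": ["not an access-list entry"]}
    problems = []
    ace = {"number": int(tokens[1]), "action": tokens[2],
           "icmp_type": None, "problems": problems}
    rest = tokens[3:]
    ace["protocol"] = rest.pop(0) if rest and rest[0] in PROTOCOLS else None
    if ace["protocol"] is None:
        problems.append("protocol keyword missing")
    ace["source"] = take_address(rest, problems, "source")
    ace["destination"] = take_address(rest, problems, "destination")
    if rest and rest[0].isdigit():
        value = int(rest.pop(0))
        if ace["protocol"] == "icmp":
            ace["icmp_type"] = (value, ICMP_TYPES.get(value, "unlisted"))
        else:
            problems.append("bare number %d fits no field of the IP form" % value)
    return ace

# The five entries exactly as written in the question.
ENTRIES = [
    "access list 101 deny icmp any any 8",
    "access list 101 permit 192.168.11.12.0.0.255 any 8",
    "access list 101 deny icmp any any 13",
    "access list 101 permit 192.168.11.12.0.0.255 any 13",
    "access list 101 deny icmp any 17",
]
for entry in ENTRIES:
    print(entry, "->", parse_ace(entry))
```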