www.unix.org.ua

[db77]

I'm working in packet tracer on ACL's.
I have a lab from my Cisco class that tells me to specify multiple protocols in one ACL statement but packet tracer is not allowing it as a valid command.
More specifically I'm trying to allow a host ftp and http access to a server and the command I am supposed to issue is

Router1(config-ext-nacl)#permit tcp host 10.0.0.10 host 172.17.1.1 eq ftp www log

However it's not working. Is it possible to list multiple protocols in a single ACL statement? Is this just a packet tracer limitation? Also if I am permitting/allowing FTP do I need to specify both ports or just one? Is it preferrable to use the protocol name or port when creating ACLs?

I hope you guys don't mind me asking so many questions. I'm just getting started with Cisco and I have so many. I can't always ask my professors these questions when I'm at home working on labs but I've found the CCNA study group to be an invaluable resource and there are really no words that can express how grateful I am when you guys take the time to assist me.


Thanks

[Conwyn]

Hi db77
One for the security boys but I think the answer is

IOS (No)
PIX/ASA (Yes)
IOS 12.4(20) with object groups (Yes)


Regards Conwyn

[db77]

So basically it may or may not be possible depending upon the device and/or IOS?

[Conwyn]

Hi db79

yes


Regards Conwyn

[db77]

Thanks.