
Vlan-access list

alsayed
Level 1

Hello!

Kindly, can someone explain the content of this IP access list, and how I can get familiar with this entry?

ip access-list extended ACL-ACL

permit tcp 192.168.128.0 0.0.127.255 10.10.100.0 0.0.0.255 eq 80

permit tcp 192.168.64.0 0.0.63.255 10.10.100.0 0.0.0.255 eq 80

permit tcp 192.168.32.0 0.0.31.255 10.10.100.0 0.0.0.255 eq 80

permit tcp 192.168.16.0 0.0.15.255 10.10.100.0 0.0.0.255 eq 80

permit tcp 192.168.12.0 0.0.3.255 10.10.100.0 0.0.0.255 eq 80

permit tcp 192.168.11.0 0.0.0.255 10.10.100.0 0.0.0.255 eq 80

permit tcp 192.168.8.0 0.0.1.255 10.10.100.0 0.0.0.255 eq 80

permit tcp 192.168.0.0 0.0.7.255 10.10.100.0 0.0.0.255 eq 80

permit ip 192.168.0.0 0.0.255.255 10.10.100.0 0.0.0.255


Edison Ortiz
Hall of Fame

permit tcp 192.168.128.0 0.0.127.255 10.10.100.0 0.0.0.255 eq 80

allows source network 192.168.128.0-192.168.255.255 to destination network 10.10.100.0-.255 on port 80

permit tcp 192.168.64.0 0.0.63.255 10.10.100.0 0.0.0.255 eq 80

allows source network 192.168.64.0-192.168.127.255 to destination network 10.10.100.0-.255 on port 80

permit tcp 192.168.32.0 0.0.31.255 10.10.100.0 0.0.0.255 eq 80

allows source network 192.168.32.0-192.168.63.255 to destination network 10.10.100.0-255 on port 80

permit tcp 192.168.16.0 0.0.15.255 10.10.100.0 0.0.0.255 eq 80

allows source network 192.168.16.0-192.168.31.255 to destination network 10.10.100.0-255 on port 80

permit tcp 192.168.12.0 0.0.3.255 10.10.100.0 0.0.0.255 eq 80

allows source network 192.168.12.0-192.168.15.255 to destination network 10.10.100.0-255 on port 80

permit tcp 192.168.11.0 0.0.0.255 10.10.100.0 0.0.0.255 eq 80

allows source network 192.168.11.0-192.168.11.255 to destination network 10.10.100.0-255 on port 80

permit tcp 192.168.8.0 0.0.1.255 10.10.100.0 0.0.0.255 eq 80

allows source network 192.168.128.8-192.168.9.255 to destination network 10.10.100.0-255 on port 80

permit tcp 192.168.0.0 0.0.7.255 10.10.100.0 0.0.0.255 eq 80

allows source network 192.168.0.0-192.168.7.255 to destination network 10.10.100.0-255 on port 80

permit ip 192.168.0.0 0.0.255.255 10.10.100.0 0.0.0.255

allows source network 192.168.0.0-192.168.255.255 to destination network 10.10.100.0-255 any port

___________

From the looks of it, the intention was to block network 192.168.10.0/24 to destination 10.10.100.0/24 on port 80

but the last ACL entry will allow it anyway. You are allowing 'all ports' from 192.168.0.0/16 to 10.10.100/24.

You can make this ACL a lot better like this

deny tcp 192.168.10.0 0.0.0.255 10.10.100.0 0.0.0.255 eq 80

permit ip 192.168.0.0 0.0.255.255 10.10.100.0 0.0.0.255

Hello Edison, I hope you are doing well. Please provide me with documents regarding the previous issue.

Edison, have you seen Ankur or heard about him?

Thanks

Ali,

What documents are you talking about ?

No, I haven't heard about Ankur.

Hello Edison!

Documents regarding how to calculate the wildcard, and other documents for RSPAN.

Merci

Wildcard calculation is rather simple. To understand the concept, I recommend purchasing a CCNA level book from Cisco Press.

On Wildcard mask, let's say you have a subnet of:

255.255.248.0 - the inverse mask would be 0.0.7.255

The trick is coming up with the number to reach 255. The first 2 octets are already 255, so the inverse mask is 0. The 3rd octet needs 7 to reach 255, and the 4th needs 255 to reach 255.

__________________

As for the RSPAN, what type of hardware are we dealing with ?
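The wildcard arithmetic and the gap in the port-80 entries discussed above, as an added example that is not part of the original thread. The function names are hypothetical; the address/wildcard pairs are copied from the ACL in the question.

```python
import ipaddress

# (source, wildcard) pairs copied from the ACL in the thread; every entry
# has the same destination, 10.10.100.0 0.0.0.255.
PORT80_PERMITS = [
    ("192.168.128.0", "0.0.127.255"), ("192.168.64.0", "0.0.63.255"),
    ("192.168.32.0", "0.0.31.255"), ("192.168.16.0", "0.0.15.255"),
    ("192.168.12.0", "0.0.3.255"), ("192.168.11.0", "0.0.0.255"),
    ("192.168.8.0", "0.0.1.255"), ("192.168.0.0", "0.0.7.255"),
]
FINAL_PERMIT = ("192.168.0.0", "0.0.255.255")  # the closing "permit ip" entry

def _n(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_from_netmask(netmask):
    """Inverse mask: each octet is 255 minus the netmask octet."""
    return ".".join(str(255 - int(o)) for o in netmask.split("."))

def wildcard_range(base, wildcard):
    """First and last address matched by a contiguous wildcard."""
    w = _n(wildcard)
    if w & (w + 1):  # contiguous wildcards look like 0...01...1 in binary
        raise ValueError("non-contiguous wildcard has no single range")
    first = _n(base) & ~w & 0xFFFFFFFF
    return ipaddress.IPv4Address(first), ipaddress.IPv4Address(first | w)

def matches(addr, base, wildcard):
    """ACL-style match: bits where the wildcard is 0 must equal the base."""
    return ((_n(addr) ^ _n(base)) & ~_n(wildcard) & 0xFFFFFFFF) == 0

def uncovered_24s(entries, supernet="192.168.0.0/16"):
    """/24 subnets of supernet that no entry matches.

    Testing only the network address is enough here because every
    wildcard in the list is 0.0.0.255 or wider.
    """
    return [str(net)
            for net in ipaddress.ip_network(supernet).subnets(new_prefix=24)
            if not any(matches(str(net.network_address), b, w)
                       for b, w in entries)]

if __name__ == "__main__":
    print(wildcard_from_netmask("255.255.248.0"))
    for base, wc in PORT80_PERMITS:
        print(base, wc, "->", *wildcard_range(base, wc))
    print("no port-80 permit for:", uncovered_24s(PORT80_PERMITS))
    print("after final permit ip:", uncovered_24s(PORT80_PERMITS + [FINAL_PERMIT]))
```

Running the same gap check after every ACL change shows whether a broad trailing permit has re-opened a subnet the earlier entries were written to leave out.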

As for the RSPAN, what type of hardware are we dealing with ?

3560G

Thanks Edison, you have been very helpful.

Hello,

Can you please convert the VLAN access list to a VLAN access map?

Thanks

alsayed
Level 1

Hello,

Can you convert this VLAN access list to a VLAN access map?

Thanks
