12-16-2007 08:29 AM - edited 03-05-2019 08:01 PM
Hello!
Kindly, can someone explain the content of this IP access list, and how I can get familiar with this entry?
ip access-list extended ACL-ACL
permit tcp 192.168.128.0 0.0.127.255 10.10.100.0 0.0.0.255 eq 80
permit tcp 192.168.64.0 0.0.63.255 10.10.100.0 0.0.0.255 eq 80
permit tcp 192.168.32.0 0.0.31.255 10.10.100.0 0.0.0.255 eq 80
permit tcp 192.168.16.0 0.0.15.255 10.10.100.0 0.0.0.255 eq 80
permit tcp 192.168.12.0 0.0.3.255 10.10.100.0 0.0.0.255 eq 80
permit tcp 192.168.11.0 0.0.0.255 10.10.100.0 0.0.0.255 eq 80
permit tcp 192.168.8.0 0.0.1.255 10.10.100.0 0.0.0.255 eq 80
permit tcp 192.168.0.0 0.0.7.255 10.10.100.0 0.0.0.255 eq 80
permit ip 192.168.0.0 0.0.255.255 10.10.100.0 0.0.0.255
12-16-2007 11:05 AM
permit tcp 192.168.128.0 0.0.127.255 10.10.100.0 0.0.0.255 eq 80
allows source network 192.168.128.0-192.168.255.255 to destination network 10.10.100.0-.255 on port 80
permit tcp 192.168.64.0 0.0.63.255 10.10.100.0 0.0.0.255 eq 80
allows source network 192.168.64.0-192.168.127.255 to destination network 10.10.100.0-.255 on port 80
permit tcp 192.168.32.0 0.0.31.255 10.10.100.0 0.0.0.255 eq 80
allows source network 192.168.32.0-192.168.63.255 to destination network 10.10.100.0-255 on port 80
permit tcp 192.168.16.0 0.0.15.255 10.10.100.0 0.0.0.255 eq 80
allows source network 192.168.16.0-192.168.31.255 to destination network 10.10.100.0-255 on port 80
permit tcp 192.168.12.0 0.0.3.255 10.10.100.0 0.0.0.255 eq 80
allows source network 192.168.12.0-192.168.15.255 to destination network 10.10.100.0-255 on port 80
permit tcp 192.168.11.0 0.0.0.255 10.10.100.0 0.0.0.255 eq 80
allows source network 192.168.11.0-192.168.11.255 to destination network 10.10.100.0-255 on port 80
permit tcp 192.168.8.0 0.0.1.255 10.10.100.0 0.0.0.255 eq 80
allows source network 192.168.128.8-192.168.9.255 to destination network 10.10.100.0-255 on port 80
permit tcp 192.168.0.0 0.0.7.255 10.10.100.0 0.0.0.255 eq 80
allows source network 192.168.0.0-192.168.7.255 to destination network 10.10.100.0-255 on port 80
permit ip 192.168.0.0 0.0.255.255 10.10.100.0 0.0.0.255
allows source network 192.168.0.0-192.168.255.255 to destination network 10.10.100.0-255 any port
___________
From the looks of it, the intention was to block network 192.168.10.0/24 to destination 10.10.100.0/24 on port 80
but the last ACL entry will allow it anyway. You are allowing 'all ports' from 192.168.0.0/16 to 10.10.100/24.
You can make this ACL a lot better like this
deny tcp 192.168.10.0 0.0.0.255 10.10.100.0 0.0.0.255 eq 80
permit ip 192.168.0.0 0.0.255.255 10.10.100.0 0.0.0.255
12-16-2007 11:08 AM
Hello Edison, I hope you are doing well. Please provide me with documents regarding the previous issue.
Edison, have you seen Ankur or heard about him?
Thanks
12-16-2007 12:53 PM
Ali,
What documents are you talking about?
No, I haven't heard about Ankur.
12-17-2007 07:18 AM
Hello Edison!
Documents regarding how to calculate the wildcard, and other documents for RSPAN.
Thanks
12-17-2007 07:46 AM
Wildcard calculation is rather simple. To understand the concept, I recommend purchasing a CCNA level book from Cisco Press.
On Wildcard mask, let's say you have a subnet of:
255.255.248.0 - the inverse mask would be 0.0.7.255
The trick is coming up with the number to reach 255. The first 2 octets are already 255, so the inverse mask is 0. The 3rd octet needs 7 to reach 255 and the 4th needs 255 to reach 255.
__________________
As for the RSPAN, what type of hardware are we dealing with?
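Added example, not part of the original posts: a Python sketch that applies the 255-minus-octet wildcard rule from the reply above and replays the thread's ACL entries with first-match evaluation, showing that the last entry of the original list permits 192.168.10.0/24 on port 80 while the suggested two-line list denies it. The function names and the sample packet addresses (192.168.10.5, 10.10.100.20) are constructed for illustration.

```python
import ipaddress

# Entries copied from the thread: the original list, then the suggested replacement.
ORIGINAL = """\
permit tcp 192.168.128.0 0.0.127.255 10.10.100.0 0.0.0.255 eq 80
permit tcp 192.168.64.0 0.0.63.255 10.10.100.0 0.0.0.255 eq 80
permit tcp 192.168.32.0 0.0.31.255 10.10.100.0 0.0.0.255 eq 80
permit tcp 192.168.16.0 0.0.15.255 10.10.100.0 0.0.0.255 eq 80
permit tcp 192.168.12.0 0.0.3.255 10.10.100.0 0.0.0.255 eq 80
permit tcp 192.168.11.0 0.0.0.255 10.10.100.0 0.0.0.255 eq 80
permit tcp 192.168.8.0 0.0.1.255 10.10.100.0 0.0.0.255 eq 80
permit tcp 192.168.0.0 0.0.7.255 10.10.100.0 0.0.0.255 eq 80
permit ip 192.168.0.0 0.0.255.255 10.10.100.0 0.0.0.255"""
SUGGESTED = """\
deny tcp 192.168.10.0 0.0.0.255 10.10.100.0 0.0.0.255 eq 80
permit ip 192.168.0.0 0.0.255.255 10.10.100.0 0.0.0.255"""

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_from_netmask(mask):
    """Inverse mask: each octet is 255 minus the netmask octet."""
    return ".".join(str(255 - int(o)) for o in mask.split("."))

def wildcard_range(base, wildcard):
    """First and last address matched by a contiguous wildcard."""
    b, w = to_int(base), to_int(wildcard)
    return str(ipaddress.IPv4Address(b & ~w)), str(ipaddress.IPv4Address(b | w))

def matches(addr, base, wildcard):
    """Wildcard bits set to 1 are ignored; every other bit must equal the base."""
    w = to_int(wildcard)
    return (to_int(addr) & ~w) == (to_int(base) & ~w)

def parse(acl_text):
    """Parse the entry shape used in the thread: action proto src swc dst dwc [eq port]."""
    rows = map(str.split, acl_text.splitlines())
    return [(*f[:6], int(f[7]) if f[6:7] == ["eq"] else None) for f in rows]

def evaluate(entries, proto, src, dst, dport):
    """First matching entry wins; no match falls through to the implicit deny."""
    for n, (action, p, s, sw, d, dw, port) in enumerate(entries, 1):
        hit = p in ("ip", proto) and matches(src, s, sw) and matches(dst, d, dw)
        if hit and port in (None, dport):
            return action, n
    return "deny", None

if __name__ == "__main__":  # constructed packet: 192.168.10.5 -> 10.10.100.20, tcp/80
    print(evaluate(parse(ORIGINAL), "tcp", "192.168.10.5", "10.10.100.20", 80))
```

The returned tuple is the action and the 1-based number of the entry that matched, so it shows which line of the list decided the packet.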
12-17-2007 07:56 AM
As for the RSPAN, what type of hardware are we dealing with?
3560G
12-17-2007 08:09 AM
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat3560/12240se/scg/index.htm
Click on the Configuring SPAN and RSPAN link
12-17-2007 08:13 AM
Thanks Edison, you have been very helpful.
12-27-2007 08:29 AM
Hello
Can you please convert the VLAN access-list to a VLAN access-map?
Thanks
12-27-2007 08:26 AM
Hello
Can you convert this VLAN access-list to a VLAN access-map?
Thanks