How to define the access list on router?

ssweehin
Level 1
Level 1

How to define the access list on router?

For example:

Only allow the traffic from 192.168.23.1, 192.168.23.4 and 192.168.23.8.

guruprasadr
Level 7
Level 7

Hi, [Pls Rate if HELPS]

Create an Extended ACL as below:

Extended IP access list allow

10 permit ip host 192.168.23.1 any

20 permit ip host 192.168.23.4 any

30 permit ip host 192.168.23.8 any

Hope I am informative.

Pls Rate if HELPS

Best Regards,

Guru Prasad R

If I want to deny all the traffic except 192.168.23.1, 192.168.23.4 and 192.168.23.8, do I need to add another list to deny all the traffic?

Hi, [Pls Rate if HELPS]

Explicit deny will be available by default as the last statement. When you match the ACL, the 3 IP addresses will only be allowed and the rest will all be denied using the explicit deny available by default.

Extended IP access list allow

10 permit ip host 192.168.23.1 any

20 permit ip host 192.168.23.4 any

30 permit ip host 192.168.23.8 any

Hope I am informative.

Pls Rate if HELPS

Best Regards,

Guru Prasad R

If I only want to allow certain ports on the access list, may I know how to do it?

For example:

port:12322

port:13432

port:12324

Hi,

Is it like that?

30 permit ip host 192.168.23.8 any port:12322

30 permit ip host 192.168.23.8 any port:13432

30 permit ip host 192.168.23.8 any port:12324

Hi There

Not exactly. The number "30" at the start of the ACL defines the line number of the ACL that this statement will occupy and in your example you are attempting to put three statements on the one line. This will not be permitted.

However, you could use:

ip access-list extended 100

permit tcp host 192.168.23.1 0.0.0.255 any eq 12322

permit tcp host 192.168.23.1 0.0.0.255 any eq 13432

permit tcp host 192.168.23.1 0.0.0.255 any eq 12324

permit tcp host 192.168.23.4 0.0.0.255 any eq 12322

permit tcp host 192.168.23.4 0.0.0.255 any eq 13432

permit tcp host 192.168.23.4 0.0.0.255 any eq 12324

permit tcp host 192.168.23.8 0.0.0.255 any eq 12322

permit tcp host 192.168.23.8 0.0.0.255 any eq 13432

permit tcp host 192.168.23.8 0.0.0.255 any eq 12324

HTH

Best Regards,

Michael

Hi Again

Actually there is an error in the ACL statements I have shown.

If you only want these statements to apply to the specific host addresses shown, leave out the wildcard mask (0.0.0.255) from all statements.

If you want these statements to apply to the entire subnets, then leave out the keyword "host" from all statements.

Best Regards,

Michael

If the port is from 1 to 65530, it is impossible for me to define the ports one by one. Can I put it like that?

permit tcp host 192.168.23.8 0.0.0.255 any eq 1 to 65530

Hi There

If you want to block/permit EVERY port between say 1500 and 1900 then you could use the "range" option

i.e. permit tcp host 192.168.23.8 0.0.0.255 any range 1500 1900

However if you only want to block/permit say port 1500, 1675, 1806 & 1897, then you would need to write a single line for each individual port that you wish to cover.

HTH

Best Regards,

Michael
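The matching rules discussed in this thread (top-down first match, `host` versus a wildcard mask, `eq` versus `range`, and the deny that sits at the end of every ACL) can be checked offline with a small evaluator. The following is an added example, not code from the thread or from Cisco; the ACL text is constructed and reuses the addresses and ports above.

```python
import ipaddress

# Constructed extended ACL reusing the thread's addresses and ports (sample input, not from a device).
ACL_TEXT = """
ip access-list extended 100
 permit tcp host 192.168.23.1 any eq 12322
 permit tcp host 192.168.23.4 any range 1500 1900
 permit udp 192.168.23.0 0.0.0.255 any eq 53
"""

def parse_addr(toks, i):
    """Return (network, next_index) for 'any', 'host A.B.C.D' or 'A.B.C.D WILDCARD'."""
    if toks[i] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if toks[i] == "host":
        return ipaddress.ip_network(toks[i + 1] + "/32"), i + 2
    # A wildcard mask is an inverted subnet mask; ipaddress accepts it as a hostmask.
    return ipaddress.ip_network(f"{toks[i]}/{toks[i + 1]}", strict=False), i + 2

def parse_acl(text):
    """Parse permit/deny lines into rule dicts; the 'ip access-list' header is skipped."""
    rules = []
    for line in text.splitlines():
        toks = line.split()
        if not toks or toks[0] not in ("permit", "deny"):
            continue
        src, i = parse_addr(toks, 2)
        dst, i = parse_addr(toks, i)
        ports = None  # None means any destination port
        if i < len(toks) and toks[i] == "eq":
            ports = (int(toks[i + 1]), int(toks[i + 1]))
        elif i < len(toks) and toks[i] == "range":
            ports = (int(toks[i + 1]), int(toks[i + 2]))
        rules.append({"action": toks[0], "proto": toks[1], "src": src, "dst": dst, "dport": ports})
    return rules

def evaluate(rules, proto, src, dst, dport):
    """First matching line wins; a flow that matches nothing hits the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if r["proto"] not in ("ip", proto):
            continue
        if s not in r["src"] or d not in r["dst"]:
            continue
        if r["dport"] and not (r["dport"][0] <= dport <= r["dport"][1]):
            continue
        return r["action"]
    return "deny (implicit)"

RULES = parse_acl(ACL_TEXT)
```

Calling `evaluate(RULES, "tcp", "192.168.23.8", "10.0.0.1", 12322)` returns `deny (implicit)` because no line covers that host, which is the behaviour the replies above rely on instead of a written deny.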
