Downloadable ACL

Hi, I have a requirement to set up a DACL on Cisco ACS that will prevent all types of traffic to a bunch of servers located in different subnets. They all have a common 4th octet address of .46

e.g. 10.2.3.46, 10.45.2.46, 192.168.10.46... I hate to enter a line for each and every server.

I would appreciate it if someone could suggest a correct combination of host IP and subnet mask that will prevent all types of access to the servers in any subnet. The servers have a common 4th octet of 46.

Thanks

4 Replies

srue
Level 7

What device are you downloading ACLs to?

ASA 5520

I'm not in my lab right now, but try creating your ACL with syntax like the following:

...permit/deny ip 0.0.0.46 0.0.0.255 any

...or however you want to. I don't remember if it's IOS or PIX/ASA, or both, that supports this type of ACL, but it's worth a shot to see if it even accepts the ACE.

To enable wildcard usage within the ASA I had to enter the following:

aaa-server RADIUS_SERVER protocol radius
  acl-netmask-convert wildcard

Then I had to check every DACL and make sure this change would not have "weird" issues with the existing DACLs. After testing and a bit of reconfiguration, all works OK.

Thanks
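The thread turns on one detail: the same mask string means opposite things under the two conventions. In a PIX/ASA access list the mask is a netmask (a 1 bit means "this bit must match"), while in an IOS ACL it is a wildcard (a 1 bit means "ignore this bit"), and `acl-netmask-convert wildcard` tells the ASA to treat the mask in a downloaded ACL as a wildcard and convert it. The script below is an added example, not code from the thread or from Cisco; it evaluates the ACE from srue's reply (`0.0.0.46 0.0.0.255`) against the three constructed server addresses from the question under both conventions, shows the wildcard form that selects the same hosts, and flags that the mask is discontiguous, which a practitioner should confirm their platform accepts before relying on it (the thread does not say whether the ASA does). The function names and the two non-matching sample hosts are assumptions for the demonstration.

```python
import ipaddress
from typing import Iterable, List, Tuple

# Constructed sample data: the three hosts named in the question, plus two
# non-matching hosts (assumed) to show the negative case.
TARGET_HOSTS = ["10.2.3.46", "10.45.2.46", "192.168.10.46"]
OTHER_HOSTS = ["10.2.3.47", "10.45.2.1"]


def _to_int(addr: str) -> int:
    """Dotted-quad string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(addr))


def _to_str(value: int) -> str:
    return str(ipaddress.IPv4Address(value & 0xFFFFFFFF))


def matches_netmask(host: str, ace_addr: str, mask: str) -> bool:
    """PIX/ASA semantics: a 1 bit in the mask means the bit must match."""
    m = _to_int(mask)
    return (_to_int(host) & m) == (_to_int(ace_addr) & m)


def matches_wildcard(host: str, ace_addr: str, wildcard: str) -> bool:
    """IOS semantics: a 1 bit in the wildcard means the bit is ignored."""
    m = (~_to_int(wildcard)) & 0xFFFFFFFF
    return (_to_int(host) & m) == (_to_int(ace_addr) & m)


def wildcard_to_netmask(wildcard: str) -> str:
    """Bitwise inversion: what 'acl-netmask-convert wildcard' does conceptually."""
    return _to_str(~_to_int(wildcard))


def is_contiguous_netmask(mask: str) -> bool:
    """True for a classic prefix mask (all 1 bits before all 0 bits).

    0.0.0.255 is discontiguous; not every ACL implementation accepts that.
    """
    m = _to_int(mask)
    # A contiguous mask, when inverted, is a run of low-order 1 bits: 2^k - 1.
    inv = (~m) & 0xFFFFFFFF
    return (inv & (inv + 1)) == 0


def evaluate_ace(ace_addr: str, mask: str, hosts: Iterable[str],
                 semantics: str) -> List[Tuple[str, bool]]:
    """Evaluate one ACE against hosts under 'netmask' or 'wildcard' semantics."""
    if semantics == "netmask":
        fn = matches_netmask
    elif semantics == "wildcard":
        fn = matches_wildcard
    else:
        raise ValueError("semantics must be 'netmask' or 'wildcard'")
    return [(h, fn(h, ace_addr, mask)) for h in hosts]


if __name__ == "__main__":
    ace_addr, mask = "0.0.0.46", "0.0.0.255"
    hosts = TARGET_HOSTS + OTHER_HOSTS
    print("ASA netmask semantics:", evaluate_ace(ace_addr, mask, hosts, "netmask"))
    print("IOS wildcard semantics:", evaluate_ace(ace_addr, mask, hosts, "wildcard"))
    # The same selection written as a wildcard: ignore the first three octets.
    print("wildcard 255.255.255.0 ->", evaluate_ace(ace_addr, "255.255.255.0", hosts, "wildcard"))
    print("contiguous mask?", is_contiguous_netmask(mask))
```

Under netmask semantics `0.0.0.46 0.0.0.255` selects exactly the .46 hosts; under wildcard semantics the identical string ignores the last octet and matches only hosts whose first three octets are 0.0.0, so the ACE silently matches nothing useful. That inversion is why a change to `acl-netmask-convert` has to be followed by re-checking every existing DACL, as the last post describes.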
