07-23-2009 05:06 AM - edited 03-04-2019 05:31 AM
Greetings:
I'm attempting to add the following access-list to the router and apply the access-group to the WAN facing interface:
access-list 150 permit ip 10.233.0.0 255.255.255.0 172.16.0.73 255.255.255.255
access-list 150 permit ip 10.233.0.0 255.255.255.0 172.16.5.30 255.255.255.255
access-list 150 permit ip 10.233.0.0 255.255.255.0 10.1.7.136 255.255.255.255
access-list 150 permit ip 10.233.0.0 255.255.255.0 10.1.7.137 255.255.255.255
access-list 150 permit ip 10.233.0.0 255.255.255.0 10.1.7.139 255.255.255.255
access-list 150 permit ip 10.233.0.0 255.255.255.0 10.1.4.43 255.255.255.255
access-list 150 permit ip 10.233.0.0 255.255.255.0 172.28.0.7 255.255.255.255
access-list 150 permit ip 10.233.0.0 255.255.255.0 172.28.0.75 255.255.255.255
access-list 150 permit ip 10.233.0.0 255.255.255.0 172.28.0.110 255.255.255.255
access-list 150 permit ip 10.233.0.0 255.255.255.0 172.28.0.111 255.255.255.255
access-list 150 permit ip 10.233.0.0 255.255.255.0 172.16.5.143 255.255.255.255
access-list 150 permit ip 10.233.0.0 255.255.255.0 172.16.5.142 255.255.255.255
access-list 150 permit ip 10.233.0.0 255.255.255.0 172.16.5.147 255.255.255.255
When I add access-list 150 to the configuration, save it, and check the running-config - this is all that shows:
access-list 150 permit ip 0.0.0.0 255.255.255.0 any
I've deleted access-list 150 and re-attempted to add it back with the same results.
Any ideas?
07-23-2009 05:14 AM
Hi,
Your ACL's network mask is configured wrong; the mask should be an inverse mask. Assuming your network 10.233.0.0 is /24, the configuration should be something like this:
access-list 150 permit ip 10.233.0.0 0.0.0.255 host 172.16.0.73
access-list 150 permit ip 10.233.0.0 0.0.0.255 host 172.16.5.147
Note that a host address can be in the format host x.x.x.x or x.x.x.x 0.0.0.0.
Also, what do you want to accomplish with the last one, apart from the mask being wrong?
HTH,
jerry
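The following is an added example, not part of any post in this thread. It models why every pasted line ended up as the single entry `0.0.0.0 255.255.255.0 any`: bits set to 1 in an ACL mask are "don't care", so they are cleared from the stored address. The function names are hypothetical, and dropping identical entries is an assumption taken from the running-config output quoted in the thread.

```python
import ipaddress

def _int(ip: str) -> int:
    return int(ipaddress.IPv4Address(ip))

def to_wildcard(subnet_mask: str) -> str:
    """Invert a subnet mask into the wildcard (inverse) mask an ACL expects."""
    return str(ipaddress.IPv4Address(_int(subnet_mask) ^ 0xFFFFFFFF))

def normalize(addr: str, wildcard: str) -> str:
    """Render an address/wildcard pair in the form the running-config shows it."""
    w = _int(wildcard)
    if w == 0xFFFFFFFF:          # every bit is "don't care"
        return "any"
    kept = ipaddress.IPv4Address(_int(addr) & ~w & 0xFFFFFFFF)
    return f"host {kept}" if w == 0 else f"{kept} {wildcard}"

def matches(packet_ip: str, addr: str, wildcard: str) -> bool:
    """True when packet_ip equals addr on every bit the wildcard requires (0 bits)."""
    care = ~_int(wildcard) & 0xFFFFFFFF
    return (_int(packet_ip) & care) == (_int(addr) & care)

def collapse(entries):
    """Normalize (src, src_mask, dst, dst_mask) tuples; identical results appear once."""
    out = []
    for src, sm, dst, dm in entries:
        line = f"permit ip {normalize(src, sm)} {normalize(dst, dm)}"
        if line not in out:
            out.append(line)
    return out

# Three of the thread's entries, exactly as pasted (subnet masks in wildcard position).
PASTED = [
    ("10.233.0.0", "255.255.255.0", "172.16.0.73", "255.255.255.255"),
    ("10.233.0.0", "255.255.255.0", "172.16.5.30", "255.255.255.255"),
    ("10.233.0.0", "255.255.255.0", "10.1.7.136", "255.255.255.255"),
]
# The same entries with each mask inverted, as the answer above recommends.
FIXED = [(s, to_wildcard(sm), d, to_wildcard(dm)) for s, sm, d, dm in PASTED]

if __name__ == "__main__":
    print(collapse(PASTED))   # one entry, matching the thread's running-config
    print(collapse(FIXED))    # three distinct source-subnet to host entries
    # 192.0.2.0 is a documentation address used here as a constructed sample.
    print(matches("192.0.2.0", "10.233.0.0", "255.255.255.0"))
```

With the pasted masks, the collapsed entry permits any source whose last octet is 0 to any destination, and does not match ordinary hosts in 10.233.0.0/24 such as 10.233.0.5.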
07-23-2009 05:42 AM
Thanks for the prompt reply!!
That did the trick. This is actually a vendor's switch - so I was working off of their recommended ACL list.
Not sure about your last comment regarding what we want to accomplish with the last one ??
07-23-2009 05:56 AM
Hi,
I am referring to this ACL
access-list 150 permit ip 0.0.0.0 255.255.255.0 any
especially 0.0.0.0 255.255.255.0, what are you trying to accomplish here?
Regards,
jerry
07-23-2009 06:01 AM
Ah - when I pasted the (wrongly configured) list to the router - and saved the configuration - when I did a 'show running-config' that was the only entry for access-list 150 listed.
Now the correct list is there and applied to the WAN interface!
Thanks Jerry for all of your help!!
07-23-2009 06:05 AM
Oh, okay, not a problem. And glad that I can help here.
Regards,
jerry