07-30-2012 03:38 AM - edited 03-07-2019 08:03 AM
Hi Guys,
I am looking for some help in relation to an ACL I want to stick in.
What I need is to allow certain subnets to access a host via the following TCP ports: 80, 8080, 443, 21 and 3128.
Does anyone know if it's possible to do this with a single-line ACL?
Something like:
access-list 300 permit tcp 192.168.1.0 0.0.0.255 host 192.168.5.20 eq 80 8080 443 3128
Does this ACL look right?
Thanks
07-30-2012 04:02 AM
Yes, this ACL will work if your version of IOS supports it.
** Correction **
I noticed the number of your ACL. This isn't the range of an extended ACL (100 - 199) and the ranges don't seem to work on a numbered extended ACL. If you create a named ACL, it should work:
ip access-list ext Moreports
permit tcp 192.168.12.0 0.0.0.255 any eq 443 8080 8221 55555
HTH,
John
07-31-2012 02:02 AM
Hi John,
I tried that but got an error on the 8080 part of the command, so it may well be that the IOS version does not support multiple ports in the one command. The IOS version is 12.2(18)SXF17b.
Thanks
07-31-2012 04:48 AM
Hi Robert,
I don't think it will work, even if it is worth trying a | (pipe) between the port numbers.
http://www.cisco.com/en/US/docs/ios/12_2s/feature/guide/fsaclseq.html
If you go nearly to the end of this doc you will find:
HTH
Alessio
08-03-2012 01:51 AM
Hi Alessio,
Thanks for that - i will have a look and report back.
Cheers
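
For an IOS release that rejects several ports after `eq`, as reported above for 12.2(18)SXF17b, the same policy can be written as one entry per port in a named extended ACL. The script below is an added example, not posted by anyone in this thread: it expands the multi-port form into single-port entries and validates addresses and ports first. The ACL name `WEB-PROXY-IN` and the function names are hypothetical; the subnet, host and ports are taken from the original question.

```python
import ipaddress
import re

# Matches the multi-port form discussed in the thread, e.g.
#   permit tcp 192.168.1.0 0.0.0.255 host 192.168.5.20 eq 80 8080 443 21 3128
ACE_RE = re.compile(
    r"^(?P<action>permit|deny)\s+(?P<proto>tcp|udp)\s+"
    r"(?P<src>\S+)\s+(?P<wild>\S+)\s+host\s+(?P<dst>\S+)\s+eq\s+(?P<ports>.+)$"
)

def expand_ace(line):
    """Split one 'eq p1 p2 ...' entry into one entry per port."""
    m = ACE_RE.match(line.strip())
    if not m:
        raise ValueError("unsupported ACE form: %r" % line)
    # Reject malformed addresses instead of emitting config the router refuses.
    for field in ("src", "wild", "dst"):
        ipaddress.IPv4Address(m.group(field))
    ports = []
    for tok in m.group("ports").split():
        if not tok.isdigit() or not 0 <= int(tok) <= 65535:
            raise ValueError("bad port: %r" % tok)
        if int(tok) not in ports:  # drop duplicates, keep the written order
            ports.append(int(tok))
    head = "{action} {proto} {src} {wild} host {dst}".format(**m.groupdict())
    return ["%s eq %d" % (head, p) for p in ports]

def render_named_acl(name, aces):
    """Render a named extended ACL; the first line is the mode command."""
    lines = ["ip access-list extended %s" % name]
    for ace in aces:
        lines.extend(" " + entry for entry in expand_ace(ace))
    return "\n".join(lines)

if __name__ == "__main__":
    # Constructed input: the subnet, host and ports from the original question.
    wanted = ("permit tcp 192.168.1.0 0.0.0.255 host 192.168.5.20 "
              "eq 80 8080 443 21 3128")
    print(render_named_acl("WEB-PROXY-IN", [wanted]))
```

Every IOS ACL ends with an implicit deny, so once the list is applied to an interface, traffic that matches none of these entries is dropped.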