New Member

Downloadable ACL

Hi, I have requirements to set up a DACL on Cisco ACS that will prevent all types of traffic to a bunch of servers located in different subnets. They all have a common 4th octet address of .46

E.g. 10.2.3.46, 10.45.2.46, 192.168.10.46... Hate to enter line by line for each and every server.

Would appreciate it if someone could suggest a correct combination of host IP and subnet mask that will prevent all types of access to servers in any subnet. Servers have a common 4th octet of 46.

Thanks

4 REPLIES
Gold

Re: Downloadable ACL

What device are you downloading ACLs to?

New Member

Re: Downloadable ACL

ASA 5520

Gold

Re: Downloadable ACL

I'm not in my lab right now, but try creating your ACL with syntax like the following:

...permit/deny ip 0.0.0.46 0.0.0.255 any

...or however you wanted to. I don't remember if it's IOS or PIX/ASA, or both, that supports this type of ACL, but it's worth a shot to see if it even accepts the ACE.

New Member

Re: Downloadable ACL

To enable wildcard usage within ASA I had to enter the following:

aaa-server RADIUS_SERVER protocol radius

acl-netmask-convert wildcard

Then, I had to check every DACL and make sure this change will not have "weird" issues with existing DACLs. After testing and a bit of reconfiguration all works OK.

Thanks
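An added example, not part of the thread: a Python check of which of the thread's sample addresses an address/mask pair covers when the mask is read as a wildcard versus as a netmask, plus an audit that flags DACL entries whose meaning would change once every downloaded mask is treated as a wildcard. It assumes the conversion is a plain bitwise inversion; the `consistent` heuristic, the function names and the sample DACL pairs are constructed for illustration.

```python
import ipaddress

ALL = 0xFFFFFFFF

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def invert(mask):
    """Flip all 32 bits: wildcard <-> netmask (assumed conversion rule)."""
    return str(ipaddress.IPv4Address(to_int(mask) ^ ALL))

def ignored_bits(mask, style):
    """Bits the entry does not compare: 1s in a wildcard, 0s in a netmask."""
    m = to_int(mask)
    return m if style == "wildcard" else m ^ ALL

def matches(addr, base, mask, style):
    care = ignored_bits(mask, style) ^ ALL
    return to_int(addr) & care == to_int(base) & care

def consistent(base, mask, style):
    """Heuristic: a well-formed entry sets no address bits the mask ignores."""
    return to_int(base) & ignored_bits(mask, style) == 0

def audit(entries):
    """Entries that read cleanly only as netmask-style, so their meaning
    changes if the firewall starts treating every mask as a wildcard."""
    return [(b, m) for b, m in entries
            if consistent(b, m, "netmask") and not consistent(b, m, "wildcard")]

# Addresses from the thread plus one constructed non-.46 host.
SAMPLE_HOSTS = ["10.2.3.46", "10.45.2.46", "192.168.10.46", "10.2.3.47"]

# Constructed DACL address/mask pairs (not from the thread).
SAMPLE_DACL = [
    ("10.1.1.0", "255.255.255.0"),     # netmask-style /24
    ("10.9.9.9", "255.255.255.255"),   # netmask-style host
    ("0.0.0.46", "255.255.255.0"),     # wildcard-style "any x.x.x.46"
    ("10.2.3.46", "0.0.0.0"),          # wildcard-style host
]

def covered(base, mask, style, hosts=SAMPLE_HOSTS):
    return [h for h in hosts if matches(h, base, mask, style)]

if __name__ == "__main__":
    for style in ("wildcard", "netmask"):
        print(style, "0.0.0.46 255.255.255.0 ->", covered("0.0.0.46", "255.255.255.0", style))
    print("review before enabling wildcard conversion:", audit(SAMPLE_DACL))
```

Entries returned by `audit` are the ones to re-test by hand, since the heuristic cannot tell intent for masks such as `0.0.0.0` paired with address `0.0.0.0`.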
