Cisco Support Community
New Member

Basic ACL question

Hi - in an extended TCP ACL - is there a way to permit or deny a range of port numbers in a single line? I know the port operators (gt, lt, eq, neq) - but they don't seem to accomplish this? Also - can someone recommend a good link for further info? Any help is greatly appreciated.

Jim Woodward

1 ACCEPTED SOLUTION

Hall of Fame Super Silver

Re: Basic ACL question

Jim

Yes there is a way to permit or deny a range of ports. There is now a range option in the configuration of extended access lists. Here is an example from one of our operational access lists which uses the range option:

access-list 121 deny tcp any range 0 65535 any range 0 65535 log-input

This particular example is used in part of our RFP check and specifies a very wide range. Most of the time you would want a more narrow range.

You can configure a range on the source port, on the destination port, or on both (as this example does).

It works well.

HTH

Rick
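To make the port-operator semantics in Rick's answer concrete, here is an added Python example (not from the thread, and not Cisco's code) that parses extended TCP ACL entries written in the form shown above and evaluates flows against them with first-match and implicit-deny semantics. The 192.0.2.10 host, the 8000-8010 range and the client addresses are constructed; only `any` and `host` address forms are handled.

```python
# Constructed illustration: how eq/neq/gt/lt/range in a Cisco-style extended
# TCP ACL entry apply to ports, with first-match and implicit-deny semantics.
# Assumptions: only 'any' / 'host A.B.C.D' addresses; 'range' is inclusive.
OPS = {
    "eq":    lambda p, a, b: p == a,
    "neq":   lambda p, a, b: p != a,
    "gt":    lambda p, a, b: p > a,
    "lt":    lambda p, a, b: p < a,
    "range": lambda p, a, b: a <= p <= b,
}

def parse_entry(line):
    """Parse 'access-list N permit|deny tcp <src> [op ports] <dst> [op ports] [log-input]'."""
    t = line.split()
    if t[0] != "access-list" or t[3] != "tcp":
        raise ValueError("only numbered extended TCP entries are handled")
    entry, i = {"acl": t[1], "action": t[2]}, 4
    for side in ("src", "dst"):
        if t[i] == "any":
            entry[side], i = "any", i + 1
        elif t[i] == "host":
            entry[side], i = t[i + 1], i + 2
        else:
            raise ValueError(f"unsupported address form: {t[i]}")
        entry[side + "_op"] = None
        if i < len(t) and t[i] in OPS:        # optional port operator
            op, a = t[i], int(t[i + 1])
            b = int(t[i + 2]) if op == "range" else a
            entry[side + "_op"] = (op, a, b)
            i += 3 if op == "range" else 2
    entry["log"] = "log-input" in t[i:]
    return entry

def port_matches(op, port):
    return op is None or OPS[op[0]](port, op[1], op[2])
def entry_matches(e, src, sport, dst, dport):
    return (e["src"] in ("any", src) and port_matches(e["src_op"], sport)
            and e["dst"] in ("any", dst) and port_matches(e["dst_op"], dport))

def first_match(acl, src, sport, dst, dport):
    """First matching entry decides; every IOS ACL ends with an implicit deny."""
    for e in acl:
        if entry_matches(e, src, sport, dst, dport):
            return e["action"]
    return "deny"

# Constructed ACL: a narrow range first, then the thread's catch-all line.
ACL = [parse_entry(l) for l in (
    "access-list 121 permit tcp any host 192.0.2.10 range 8000 8010",
    "access-list 121 deny tcp any range 0 65535 any range 0 65535 log-input",
)]
```

Because the first matching entry wins, the narrow `permit` must precede the `range 0 65535` line, which matches every source and destination port and would otherwise shadow it.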

3 REPLIES
New Member

Re: Basic ACL question

Thank you very much!!

Jim

Hall of Fame Super Silver

Re: Basic ACL question

Jim

I am glad that my answer was helpful in resolving your question. Thank you for using the rating system to indicate that your question was resolved (and thanks for the rating). It makes the forum more useful when people can read a question and can know that they will read a response which did resolve the question.

The forum is an excellent place to learn more about Cisco networking. I encourage you to continue your participation in the forum.

HTH

Rick
