New Member

Access Control List blocking specific ports.

I have a specific network 10.32.64.0 that uses ports 6500 and 6600. I don't want any other network to be able to use these ports. How can I do that with an ACL?

Accepted Solutions
New Member

Re: Access Control List blocking specific ports.

Would it not be

access-list 101 permit tcp any 10.32.64.0 255.255.255.0 eq 6500

access-list 101 permit tcp any 10.32.64.0 255.255.255.0 eq 6600

access-list 101 deny tcp any any eq 6500

access-list 101 deny tcp any any eq 6600

access-list 101 permit ip any any

3 REPLIES
Hall of Fame Super Blue

Re: Access Control List blocking specific ports.

Hi

access-list 101 deny tcp any 10.32.64.0 255.255.255.0 eq 6500

access-list 101 deny tcp any 10.32.64.0 255.255.255.0 eq 6600

access-list 101 permit ip any any

Apply this outbound on the L3 interface that is for the 10.32.64.0 network, e.g.

int fa0/0

ip access-group 101 out

Note - assumed 10.32.64.0 is a 255.255.255.0 subnet mask and that 6500 & 6600 are TCP ports.

Jon

Hall of Fame Super Blue

Re: Access Control List blocking specific ports.

Harold

Looks like we have read the OP's requirements slightly differently. I assumed he meant that no subnets were allowed to access 10.32.64.0 machines on port 6500, 6600.

I'm not sure what your first 2 lines are doing.

To the OP

I have an annoying habit of forgetting to use inverse masks in router ACLs, probably due to too much time on PIX firewalls :)

The masks should be 0.0.0.255 and not 255.255.255.0 in my access-list entries.

Apologies for that.

Jon
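
Why the mask correction in the reply above matters, as an added example (not code from any poster in this thread): a small Python model of first-match ACL evaluation with IOS wildcard-mask semantics, run on the three entries from the first reply. The helper names and the test addresses 10.32.64.25 and 192.168.7.0 are constructed for illustration.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """IOS wildcard semantics: a 0 bit must match, a 1 bit is 'don't care'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def parse_ace(line):
    """Parse the subset of extended-ACL syntax used in this thread:
    access-list N permit|deny tcp|ip any (any | BASE WILDCARD) [eq PORT]"""
    t = line.split()
    action, proto = t[2], t[3]
    if t[4] != "any":
        raise ValueError("only 'any' sources are handled in this model")
    rest = t[5:]
    if rest[0] == "any":
        dst, rest = None, rest[1:]
    else:
        dst, rest = (rest[0], rest[1]), rest[2:]
    port = int(rest[1]) if rest[:1] == ["eq"] else None
    return action, proto, dst, port

def evaluate(acl_lines, proto, dst_ip, dst_port):
    """First matching entry wins; every ACL ends with an implicit deny."""
    for line in acl_lines:
        action, p, dst, port = parse_ace(line)
        if p != "ip" and p != proto:
            continue
        if dst and not wildcard_match(dst_ip, *dst):
            continue
        if port is not None and port != dst_port:
            continue
        return action
    return "deny"

def build_acl(mask):
    # The three entries from the first reply, with the mask as a parameter.
    return [
        f"access-list 101 deny tcp any 10.32.64.0 {mask} eq 6500",
        f"access-list 101 deny tcp any 10.32.64.0 {mask} eq 6600",
        "access-list 101 permit ip any any",
    ]

AS_POSTED = build_acl("255.255.255.0")  # subnet mask read as a wildcard
CORRECTED = build_acl("0.0.0.255")      # inverse mask from the correction

if __name__ == "__main__":
    for name, acl in (("as posted", AS_POSTED), ("corrected", CORRECTED)):
        for ip in ("10.32.64.25", "192.168.7.0"):  # constructed addresses
            print(name, ip, evaluate(acl, "tcp", ip, 6500))
```

With the subnet mask in place of the wildcard, the deny entries miss hosts inside 10.32.64.0/24 and instead match any destination whose last octet is 0.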
