Cisco 3750-E Access List

joedavis123
Level 1

Hello, I'm trying to create an access-list to use with policy-based routing. When I create the access list it morphs into something else and I'm not sure exactly why. Here is what I type from the command line:

access-list extended PBR

deny ip host 10.4.31.20 10.1.0.0 255.255.0.0

deny ip host 10.4.31.20 10.3.0.0 255.255.0.0

deny ip host 10.4.31.20 10.4.0.0 255.255.0.0

deny ip host 10.4.31.20 10.8.0.0 255.255.0.0

permit ip host 10.4.31.20 any

After that has been entered (without any errors) and I type show run, here is what it becomes:

ip access-list extended PBR

deny ip host 10.4.31.20 0.0.0.0 255.255.0.0

permit ip host 10.4.31.20 any

Any idea why it does that? I was thinking it has something to do with the classless function, or some other subnet related issue. If it matters, right now I have "ip classless" and "ip subnet-zero" in the configuration. Any ideas? Thanks!

3 Replies

Joe,

Would you please use "Wildcard mask" in ACL? (grin)

For example:

deny ip host 10.4.31.20 10.8.0.0 0.0.255.255

Note: I'm not sure why Cisco allows us to do that. It's not fair. J/K

Please let me know how things work out.

HTH,

Toshi

Argh!! Completely lame on my part. I am so used to the ASA configuration and I haven't touched access lists in IOS in a few years. Thank you for pointing that out!
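Added example, not part of the original thread: a Python model of why the four typed entries collapsed into `0.0.0.0 255.255.0.0`, and what the stored entry actually matches. The function names are illustrative, and the clearing of "don't care" bits plus the merging of identical entries are assumptions that model the `show run` output quoted in the question.

```python
import ipaddress

def to_int(a):
    return int(ipaddress.IPv4Address(a))

def to_str(n):
    return str(ipaddress.IPv4Address(n))

def normalize(addr, wildcard):
    # Bits set in a wildcard mask are "don't care"; model them being cleared from the address.
    return to_str(to_int(addr) & ~to_int(wildcard) & 0xFFFFFFFF), wildcard

def looks_like_netmask(mask):
    # Contiguous leading one bits (255.255.0.0) suggest a subnet mask typed as a wildcard.
    m = to_int(mask)
    inv = m ^ 0xFFFFFFFF
    return m not in (0, 0xFFFFFFFF) and (inv & (inv + 1)) == 0

def netmask_to_wildcard(mask):
    return to_str(to_int(mask) ^ 0xFFFFFFFF)

def stored(entries):
    # Normalize each entry and drop repeats (modelled on the single line shown by "show run").
    out = []
    for addr, wc in entries:
        e = normalize(addr, wc)
        if e not in out:
            out.append(e)
    return out

def corrected(entries):
    return [(a, netmask_to_wildcard(m)) if looks_like_netmask(m) else (a, m)
            for a, m in entries]

def matches(ip, addr, wildcard):
    # A packet address matches when every bit not covered by the wildcard is equal.
    return (to_int(ip) ^ to_int(addr)) & ~to_int(wildcard) & 0xFFFFFFFF == 0

# Destination/mask pairs exactly as typed in the question.
TYPED = [("10.1.0.0", "255.255.0.0"), ("10.3.0.0", "255.255.0.0"),
         ("10.4.0.0", "255.255.0.0"), ("10.8.0.0", "255.255.0.0")]

if __name__ == "__main__":
    print("stored as typed:", stored(TYPED))
    print("stored with wildcards:", stored(corrected(TYPED)))
    # 10.1.5.5 is a constructed sample destination inside 10.1.0.0/16.
    print("typed ACL denies 10.1.5.5:",
          any(matches("10.1.5.5", a, w) for a, w in stored(TYPED)))
```

With the masks as typed, the deny entry only matches destinations whose last two octets are `0.0`, so traffic to the four internal ranges falls through to `permit ip host 10.4.31.20 any`.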