06-19-2009 12:37 PM - edited 03-06-2019 06:21 AM
Hello, I'm trying to create an access-list to use with policy-based routing. When I create the access list it morphs into something else and I'm not sure exactly why. Here is what I type from the command line:
access-list extended PBR
deny ip host 10.4.31.20 10.1.0.0 255.255.0.0
deny ip host 10.4.31.20 10.3.0.0 255.255.0.0
deny ip host 10.4.31.20 10.4.0.0 255.255.0.0
deny ip host 10.4.31.20 10.8.0.0 255.255.0.0
permit ip host 10.4.31.20 any
After that has been entered (without any errors) and I type show run, here is what it becomes:
ip access-list extended PBR
deny ip host 10.4.31.20 0.0.0.0 255.255.0.0
permit ip host 10.4.31.20 any
Any idea why it does that? I was thinking it has something to do with the classless function, or some other subnet related issue. If it matters, right now I have "ip classless" and "ip subnet-zero" in the configuration. Any ideas? Thanks!
06-19-2009 12:40 PM
Joe,
Would you please use "Wildcard mask" in ACL? (grin)
For example:
deny ip host 10.4.31.20 10.8.0.0 0.0.255.255
Note: I'm not sure why Cisco allows us to do that. It's not fair. J/K
Please let me know how things work out.
HTH,
Toshi
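Added example (not part of the thread, and not Cisco code): a small Python lint that models why the four deny lines collapse into one. It assumes IOS zeroes every address bit the wildcard marks as "don't care" and keeps only one copy of identical entries, which matches the show run output quoted above. The function names are hypothetical, and the sample input is the configuration from the original post.

```python
import ipaddress

FULL = 0xFFFFFFFF

def _to_int(dotted: str) -> int:
    return int(ipaddress.IPv4Address(dotted))

def ios_normalize(addr: str, wildcard: str) -> str:
    """Zero the address bits that the wildcard marks as don't-care (bit = 1)."""
    return str(ipaddress.IPv4Address(_to_int(addr) & ~_to_int(wildcard) & FULL))

def looks_like_netmask(mask: str) -> bool:
    """True for contiguous ones-then-zeros masks such as 255.255.0.0.
    0.0.0.0 and 255.255.255.255 are ambiguous and are not flagged."""
    m = _to_int(mask)
    inv = ~m & FULL
    return m not in (0, FULL) and (inv & (inv + 1)) == 0

def to_wildcard(netmask: str) -> str:
    """Invert a subnet mask into the wildcard mask an IOS ACL expects."""
    return str(ipaddress.IPv4Address(~_to_int(netmask) & FULL))

def lint_entries(lines):
    """Return (entries as they would be stored, warnings).
    Only handles the form used in the thread: <action> ip host SRC DST MASK."""
    stored, warnings = [], []
    for line in lines:
        tok = line.split()
        entry = line
        if len(tok) == 6 and tok[2] == "host":
            action, proto, _, src, dst, mask = tok
            entry = f"{action} {proto} host {src} {ios_normalize(dst, mask)} {mask}"
            if looks_like_netmask(mask):
                warnings.append(f"{line!r}: {mask} looks like a subnet mask; "
                                f"the wildcard form is {to_wildcard(mask)}")
        if entry not in stored:  # assumption: identical entries are kept once
            stored.append(entry)
    return stored, warnings

# Sample input: the ACL lines exactly as typed in the original post.
TYPED = [
    "deny ip host 10.4.31.20 10.1.0.0 255.255.0.0",
    "deny ip host 10.4.31.20 10.3.0.0 255.255.0.0",
    "deny ip host 10.4.31.20 10.4.0.0 255.255.0.0",
    "deny ip host 10.4.31.20 10.8.0.0 255.255.0.0",
    "permit ip host 10.4.31.20 any",
]

if __name__ == "__main__":
    stored, warnings = lint_entries(TYPED)
    print("\n".join(stored))
    print("\n".join(warnings))
```

With 255.255.0.0 read as a wildcard, the first two octets are ignored and only the last two (both zero) are compared, so the deny entry matches any destination ending in .0.0 instead of the intended /16 networks.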
06-19-2009 12:56 PM
Argh!! Completely lame on my part. I am so used to the ASA configuration and I haven't touched access lists in IOS in a few years. Thank you for pointing that out!