Cisco Support Community

Extended ACL with multiple ports

Hi Guys,

I am looking for some help in relation to an ACL I want to stick in.

What I need is to allow certain subnets to access a host via the following TCP ports: 80, 8080, 443, 21 and 3128.

Does anyone know if it's possible to do this with a single-line ACL?

Something like:

access-list 300 permit tcp 192.168.1.0 0.0.0.255 host 192.168.5.20 eq 80 8080 443 3128

Does this ACL look right?

Thanks

4 REPLIES

Re: Extended ACL with multiple ports

Yes, this ACL will work if your version of IOS supports it.

** Correction **

I noticed the number of your ACL. This isn't the range of an extended ACL (100 - 199) and the ranges don't seem to work on a numbered extended ACL. If you create a named ACL, it should work:

ip access-list ext Moreports

permit tcp 192.168.12.0 0.0.0.255 any eq 443 8080 8221 55555

HTH,

John


Extended ACL with multiple ports

Hi John,

I tried that but got an error on the 8080 part of the command, so it may well be that the IOS version does not support multiple ports in the one command. The IOS version is 12.2(18)SXF17b.

Thanks

Re: Extended ACL with multiple ports

Hi Robert,

I don't think it will work, even if it is worth trying a | (pipe) between the port numbers.

http://www.cisco.com/en/US/docs/ios/12_2s/feature/guide/fsaclseq.html

If you go nearly to the end of this doc, you will find:

operator

(Optional) Compares source or destination ports. Possible operands include lt (less than), gt (greater than), eq (equal), neq (not equal), and range (inclusive range).

If the operator is positioned after the source and source-wildcard, it must match the source port.

If the operator is positioned after the destination and destination-wildcard, it must match the destination port.

The range operator requires two port numbers. All other operators require one port number.

HTH

Alessio
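
Following the operator rule quoted in the reply above (one port per operator, two for range), the port list from the original question can be expanded into one entry per port or per contiguous run of ports. This is an added example, not part of the original thread or of Cisco's documentation; the ACL name WEB-PROXY-IN and the function names are hypothetical.

```python
# Added example: expand a TCP port list into extended-ACL entries that
# give each operator exactly the number of ports the quoted rule allows
# ("eq" takes one port, "range" takes two).

def coalesce(ports):
    """Group de-duplicated ports into sorted (low, high) contiguous runs."""
    runs = []
    for p in sorted(set(ports)):
        if not 0 <= p <= 65535:
            raise ValueError(f"port out of range: {p}")
        if runs and p == runs[-1][1] + 1:
            runs[-1] = (runs[-1][0], p)   # extend the current run
        else:
            runs.append((p, p))           # start a new run
    return runs

def build_entries(src, src_wildcard, dst_host, ports):
    """Return one 'permit tcp' entry per single port or contiguous run."""
    entries = []
    for low, high in coalesce(ports):
        # Operator placed after the destination, so it matches the
        # destination port.
        match = f"eq {low}" if low == high else f"range {low} {high}"
        entries.append(
            f"permit tcp {src} {src_wildcard} host {dst_host} {match}"
        )
    return entries

def build_named_acl(name, src, src_wildcard, dst_host, ports):
    """Return the lines of a named extended ACL (name is hypothetical)."""
    body = build_entries(src, src_wildcard, dst_host, ports)
    return [f"ip access-list extended {name}"] + [" " + e for e in body]

if __name__ == "__main__":
    # Addresses and ports taken from the original question.
    wanted = [80, 8080, 443, 21, 3128]
    for line in build_named_acl("WEB-PROXY-IN", "192.168.1.0",
                                "0.0.0.255", "192.168.5.20", wanted):
        print(line)
```

Because every entry is a permit to the same host, the order in which the ports are emitted does not change what the ACL matches.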


Extended ACL with multiple ports

Hi Alessio,

Thanks for that - I will have a look and report back.

Cheers
