Access-list with wild Card

kjanakiraman
Level 1

Hi,

We have an IPLC leased line circuit between our two offices, and data, voice (IP Phone) and video traffic pass through this link. I have configured CBWFQ with LLQ and set priority for voice and video and fair-queue for data. The video conference equipment IP address in location 1 is 192.168.15.251 and in location 2 is 192.168.4.251. The IP phones in location 1 use 192.168.15.1-240 and in location 2 192.168.4.1-240. After creating a class map with match access-group, I configured two access-lists in location 1:

access-list 101 permit ip host 192.168.15.251 host 192.168.4.251 (This is for Video Conference)

access-list 102 permit ip 192.168.15.0 0.0.0.248 192.168.4.0 0.0.0.248 (For IP Phone)

In location 2 I also created the same type of access-list, but with the source and destination addresses reversed.

After this configuration was done, video conferencing is working perfectly, with packets getting matched when I give sh access-list 101.

But there are no voice packets matching access-list 102, and the voice sometimes gets jittery and packets get lost.

Can someone tell me what the mistake in the configuration is and suggest how to rectify the problem?

Thanks in Advance

Accepted Solutions

milan.kulik
Level 10

Hi,

IMHO, the wildcard in your access-list 102 is incorrect.

I'm afraid it's impossible to express the address range 192.168.15.1-240 via a single wildcard.

So I'd try the following ACL:

access-list 102 deny ip 192.168.15.255 0.0.0.15 192.168.4.0 0.0.0.255

access-list 102 deny ip 192.168.15.0 0.0.0.255 192.168.4.255 0.0.0.15

access-list 102 permit ip 192.168.15.0 0.0.0.255 192.168.4.0 0.0.0.255

The first line denies traffic from 192.168.15.241-255 to 192.168.4.0

The second line denies traffic from 192.168.15.0 to 192.168.4.241-255

The third line permits traffic from 192.168.15.0 to 192.168.4.0

The final effect is only traffic from 192.168.15.1-240 to 192.168.4.1-240 is permitted.

You need to swap source and destination addresses on the other location, of course.

Regards,

Milan
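
As an added example (not part of the original thread), this Python sketch evaluates the wildcard masks exactly as posted and lists which last octets in 192.168.15.0/24 each version of access-list 102 permits toward a given destination. It handles only the `permit|deny ip addr wildcard addr wildcard` form, and the function names are this example's own.

```python
import ipaddress

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def wc_match(addr, base, wildcard):
    # Cisco wildcard: 1 bits are "don't care", 0 bits must equal the base.
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)

def parse_ace(line):
    # Handles only "access-list N permit|deny ip SRC SRC_WC DST DST_WC".
    f = line.split()
    return f[2], f[4], f[5], f[6], f[7]

def evaluate(acl, src, dst):
    # First matching entry wins; an implicit deny ends every ACL.
    for line in acl:
        action, s, swc, d, dwc = parse_ace(line)
        if wc_match(src, s, swc) and wc_match(dst, d, dwc):
            return action
    return "deny"

def permitted_sources(acl, dst, prefix="192.168.15."):
    # Last octets of prefix.x that the ACL permits toward dst.
    return [n for n in range(256)
            if evaluate(acl, f"{prefix}{n}", dst) == "permit"]

def to_ranges(octets):
    # Collapse a sorted list of octets into (first, last) runs.
    runs = []
    for n in octets:
        if runs and n == runs[-1][1] + 1:
            runs[-1] = (runs[-1][0], n)
        else:
            runs.append((n, n))
    return runs

# ACL lines copied from the thread above.
ASKER_ACL = ["access-list 102 permit ip 192.168.15.0 0.0.0.248 192.168.4.0 0.0.0.248"]
ANSWER_ACL = [
    "access-list 102 deny ip 192.168.15.255 0.0.0.15 192.168.4.0 0.0.0.255",
    "access-list 102 deny ip 192.168.15.0 0.0.0.255 192.168.4.255 0.0.0.15",
    "access-list 102 permit ip 192.168.15.0 0.0.0.255 192.168.4.0 0.0.0.255",
]

if __name__ == "__main__":
    print("asker  ->", to_ranges(permitted_sources(ASKER_ACL, "192.168.4.8")))
    print("answer ->", to_ranges(permitted_sources(ANSWER_ACL, "192.168.4.10")))
```

Evaluated this way, the wildcard 0.0.0.248 matches only last octets that are multiples of 8, and a base of 192.168.15.255 with wildcard 0.0.0.15 covers 240-255, so the three-line ACL permits sources .0-.239.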
