Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ACL Range Syntax

I'm trying to use this:

access-list 112 permit tcp any 172.16.23.0 0.0.0.255 range 46000 46030

!

on a 7206 router. I know the range command works fine on PIX, however, this is not working on the router, the command takes, but TCP ports within the specified range are being denied.

My question is simple:

Does anyone know what the syntax specifics are when dealing with the RANGE option in Router ACL's?

THanks,

Tim

3 REPLIES
New Member

Re: ACL Range Syntax

Hi,

The syntax is correct ! In the above ACE, you are permiting traffic from any host to the 172.16.23.0 network provided the destination port is between 46000 and 46030. Could you recheck if it is indeed being denied. Also, have you applied this access-list in the correct direction ?

Cheers,

~preetham

New Member

Re: ACL Range Syntax

Yes, its applied in the correct direction (outbound to our internal network). The command does take, however the denies are being logged. A colleague mentioned having to specify the range, with another option. However I'm not having any luck with the documentation.

I may just end up putting the GT operand in the meantime. Just curious if anyone else had run into this situation where the range operand wasn't working.

-Tim

New Member

Re: ACL Range Syntax

Tim,

Everything looks fine in your ACE and it sure should work. Why dont you raise a case with Cisco TAC (technical assistance center), a TAC engineer would help you out. Meanwhile, you could try using the following ACEs -

access-list 112 deny tcp any 172.16.23.0 0.0.0.255 lt 46000

access-list 112 deny tcp any 172.16.23.0 0.0.0.255 gt 46030

access-list 112 permit tcp any 172.16.23.0 0.0.0.255 log

and check to see if they are being permitted.

-Karthik

191
Views
0
Helpful
3
Replies
CreatePlease login to create content