Cisco Support Community

New Member

ACL Range Syntax

I'm trying to use this:

access-list 112 permit tcp any range 46000 46030


on a 7206 router. I know the range command works fine on PIX; however, this is not working on the router. The command takes, but TCP ports within the specified range are being denied.

My question is simple:

Does anyone know what the syntax specifics are when dealing with the RANGE option in router ACLs?



New Member

Re: ACL Range Syntax


The syntax is correct! In the above ACE, you are permitting traffic from any host to the network provided the destination port is between 46000 and 46030. Could you recheck if it is indeed being denied? Also, have you applied this access-list in the correct direction?



New Member

Re: ACL Range Syntax

Yes, it's applied in the correct direction (outbound to our internal network). The command does take; however, the denies are being logged. A colleague mentioned having to specify the range with another option. However, I'm not having any luck with the documentation.

I may just end up putting the GT operand in the meantime. Just curious if anyone else had run into this situation where the range operand wasn't working.


New Member

Re: ACL Range Syntax


Everything looks fine in your ACE and it sure should work. Why don't you raise a case with Cisco TAC (Technical Assistance Center)? A TAC engineer would help you out. Meanwhile, you could try using the following ACEs -

access-list 112 deny tcp any lt 46000

access-list 112 deny tcp any gt 46030

access-list 112 permit tcp any log

and check to see if they are being permitted.
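
Added example (not part of the thread and not Cisco code): in IOS extended ACL syntax, a port operator written after the source address matches the source port, and one written after the destination address matches the destination port. The simplified Python evaluator below shows the difference on constructed ACEs. The ACEs in this thread show only one address, so the explicit `any` destination, the sample ports and all function names here are assumptions, and address matching is ignored (only ports are evaluated).

```python
OPS = {  # IOS port operators: name -> (argument count, predicate)
    "eq": (1, lambda p, a: p == a[0]),
    "neq": (1, lambda p, a: p != a[0]),
    "lt": (1, lambda p, a: p < a[0]),
    "gt": (1, lambda p, a: p > a[0]),
    "range": (2, lambda p, a: a[0] <= p <= a[1]),
}

def _skip_addr(tok):
    """Consume one address spec: 'any' (1 token), 'host A' or 'A wildcard' (2)."""
    return tok[1:] if tok[0] == "any" else tok[2:]

def _take_ports(tok):
    """Consume an optional port operator; return (port matcher, remaining tokens)."""
    if tok and tok[0] in OPS:
        n, pred = OPS[tok[0]]
        args = [int(x) for x in tok[1:1 + n]]
        return (lambda p: pred(p, args)), tok[1 + n:]
    return (lambda p: True), tok  # no operator: any port matches

def parse_ace(line):
    """Parse 'access-list N action proto SRC [op ports] DST [op ports] [log]'."""
    tok = line.split()
    action = tok[2]
    src_ports, rest = _take_ports(_skip_addr(tok[4:]))
    if not rest:  # this simplified parser requires both addresses
        raise ValueError("incomplete ACE: no destination address")
    dst_ports, _ = _take_ports(_skip_addr(rest))  # trailing 'log' is ignored
    return action, src_ports, dst_ports

def evaluate(acl, sport, dport):
    """First matching ACE wins; an unmatched packet hits the implicit deny."""
    for line in acl:
        action, src_ports, dst_ports = parse_ace(line)
        if src_ports(sport) and dst_ports(dport):
            return action
    return "deny"

# Constructed ACLs: the same range bound to the source vs. the destination port.
SRC_FORM = ["access-list 112 permit tcp any range 46000 46030 any"]
DST_FORM = ["access-list 112 permit tcp any any range 46000 46030"]
# The deny/deny/permit variant with an explicit destination (assumption).
LT_GT_FORM = ["access-list 112 deny tcp any any lt 46000",
              "access-list 112 deny tcp any any gt 46030",
              "access-list 112 permit tcp any any log"]

if __name__ == "__main__":
    # Constructed packet: ephemeral source port 51515, destination port 46010.
    for name, acl in [("src", SRC_FORM), ("dst", DST_FORM), ("lt/gt", LT_GT_FORM)]:
        print(name, evaluate(acl, 51515, 46010))
```

When checking a deployed list, `show access-lists 112` displays per-entry match counters, which show which ACE the traffic is actually hitting.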

