01-31-2006 01:30 AM - edited 02-20-2020 09:36 PM
hi
we have a cisco 837 with ios
c837-k9o3y6-mz.122-11.YV.bin
when i load extended ip acl
for example :
access-list 101 permit ip host 223.35.50.36 any
access-list 101 permit ip 223.35.50.0 255.255.255.0 10.70.120.0 255.255.254.0
access-list 101 permit ip any 62.0.24.32 255.255.255.224
access-list 101 permit ip any 62.0.33.0 255.255.255.0
access-list 101 permit ip any 121.0.0.0 255.0.0.0
access-list 101 permit ip any 126.0.0.0 255.0.0.0
access-list 101 permit ip any 160.0.0.0 255.255.0.0
access-list 101 permit ip any 172.20.0.0 255.255.0.0
the line are change to :
access-list 101 permit ip host 223.35.50.36 any
access-list 101 permit ip any 0.0.0.0 255.255.254.0
access-list 101 permit ip any 0.0.0.0 255.255.255.224
access-list 101 permit ip any 0.0.0.0 255.255.255.0
access-list 101 permit ip any 0.0.0.0 255.0.0.0
access-list 101 permit ip any 0.0.0.0 255.255.0.0
can any one explain this ?
01-31-2006 04:51 AM
Hi,
You should be using wildcard masks with your ACLs, not subnet masks.
Change the ACL to:
access-list 101 permit ip host 223.35.50.36 any
access-list 101 permit ip 223.35.50.0 0.0.0.255 10.70.120.0 0.0.1.255
access-list 101 permit ip any 62.0.24.32 0.0.0.31
access-list 101 permit ip any 62.0.33.0 0.0.0.255
access-list 101 permit ip any 121.0.0.0 0.255.255.255
access-list 101 permit ip any 126.0.0.0 0.255.255.255
access-list 101 permit ip any 160.0.0.0 0.0.255.255
access-list 101 permit ip any 172.20.0.0 0.0.255.255
Hope that helps - pls rate posts that help.
Regards,
Paresh
01-31-2006 10:35 PM
you are so right ...sory sory sory..
thanks
01-31-2006 10:45 PM
Hey, you got it fixed.. that's what matters.
Pls do remember to rate posts that help.
Paresh
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: