Re: Implemented acl problem on 837

nimrodcohen · ‎01-31-2006

hi

we have a cisco 837 with ios

c837-k9o3y6-mz.122-11.YV.bin

when i load extended ip acl

for example :

access-list 101 permit ip host 223.35.50.36 any

access-list 101 permit ip 223.35.50.0 255.255.255.0 10.70.120.0 255.255.254.0

access-list 101 permit ip any 62.0.24.32 255.255.255.224

access-list 101 permit ip any 62.0.33.0 255.255.255.0

access-list 101 permit ip any 121.0.0.0 255.0.0.0

access-list 101 permit ip any 126.0.0.0 255.0.0.0

access-list 101 permit ip any 160.0.0.0 255.255.0.0

access-list 101 permit ip any 172.20.0.0 255.255.0.0

the line are change to :

access-list 101 permit ip host 223.35.50.36 any

access-list 101 permit ip any 0.0.0.0 255.255.254.0

access-list 101 permit ip any 0.0.0.0 255.255.255.224

access-list 101 permit ip any 0.0.0.0 255.255.255.0

access-list 101 permit ip any 0.0.0.0 255.0.0.0

access-list 101 permit ip any 0.0.0.0 255.255.0.0

can any one explain this ?

pkhatri · ‎01-31-2006

Hi,

You should be using wildcard masks with your ACLs, not subnet masks.

Change the ACL to:

access-list 101 permit ip host 223.35.50.36 any

access-list 101 permit ip 223.35.50.0 0.0.0.255 10.70.120.0 0.0.1.255

access-list 101 permit ip any 62.0.24.32 0.0.0.31

access-list 101 permit ip any 62.0.33.0 0.0.0.255

access-list 101 permit ip any 121.0.0.0 0.255.255.255

access-list 101 permit ip any 126.0.0.0 0.255.255.255

access-list 101 permit ip any 160.0.0.0 0.0.255.255

access-list 101 permit ip any 172.20.0.0 0.0.255.255

Hope that helps - pls rate posts that help.

Regards,

Paresh

nimrodcohen · ‎01-31-2006

you are so right ...sory sory sory..

thanks

pkhatri · ‎01-31-2006

Hey, you got it fixed.. that's what matters.

Pls do remember to rate posts that help.

Paresh