08-17-2010 06:23 PM - edited 03-04-2019 09:27 AM
Dear All,
I would like to ask you how to configure an access-list between line 1 and line 2. Let me show the detail below:
I have the access-list below and I want to add one access-list between 192.168.1.0 and 192.168.2.0.
Which command can we use to do this?
ip access-list extended ACL_Coreswitch
deny ip any 192.168.52.0 0.0.0.255
permit ip 192.168.27.0 0.0.0.255 192.168.1.0 0.0.0.255
##########
permit ip 192.168.27.0 0.0.0.255 192.168.2.0 0.0.0.255
deny ip 192.168.27.0 0.0.0.255 192.168.3.0 0.0.0.255
deny ip 192.168.27.0 0.0.0.255 192.168.5.0 0.0.0.255
permit ip any any
I mean this:
ip access-list extended ACL_Coreswitch
deny ip any 192.168.52.0 0.0.0.255
permit ip 192.168.27.0 0.0.0.255 192.168.1.0 0.0.0.255
-------
permit ip 192.168.27.0 0.0.0.255 192.168.90.0 0.0.0.255
--------
permit ip 192.168.27.0 0.0.0.255 192.168.2.0 0.0.0.255
deny ip 192.168.27.0 0.0.0.255 192.168.3.0 0.0.0.255
deny ip 192.168.27.0 0.0.0.255 192.168.5.0 0.0.0.255
permit ip any any
Best Regards,
Rechard
08-17-2010 06:44 PM
My first question is what is the IOS version?
You can look at the sequence number of the ACL and then modify it accordingly. Here is the example I did in my lab with your config:
Rack1R1#sh ip access-list
Extended IP access list ACL_Coreswitch
10 deny ip any 192.168.52.0 0.0.0.255
20 permit ip 192.168.27.0 0.0.0.255 192.168.1.0 0.0.0.255
30 permit ip 192.168.27.0 0.0.0.255 192.168.2.0 0.0.0.255
40 deny ip 192.168.27.0 0.0.0.255 192.168.3.0 0.0.0.255
50 deny ip 192.168.27.0 0.0.0.255 192.168.5.0 0.0.0.255
60 permit ip any any
Rack1R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Rack1R1(config)#ip access-list ex ACL_Coreswitch
Rack1R1(config-ext-nacl)#25 perm ip 100.100.100.0 0.0.0.255 100.100.100.0 0.0.0.255
Rack1R1(config-ext-nacl)#exit
Rack1R1#sh ip access-list
Extended IP access list ACL_Coreswitch
10 deny ip any 192.168.52.0 0.0.0.255
20 permit ip 192.168.27.0 0.0.0.255 192.168.1.0 0.0.0.255
25 permit ip 100.100.100.0 0.0.0.255 100.100.100.0 0.0.0.255
30 permit ip 192.168.27.0 0.0.0.255 192.168.2.0 0.0.0.255
40 deny ip 192.168.27.0 0.0.0.255 192.168.3.0 0.0.0.255
50 deny ip 192.168.27.0 0.0.0.255 192.168.5.0 0.0.0.255
60 permit ip any any
I believe you can do this after IOS 12.2(14)S, 12.2(15)T, 12.2(33)SRA, 12.2SX.
HTH,
jerry
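Applied to the entry asked about in the question, as an added example that is not part of the original posts. It assumes the ACL is numbered 10, 20, 30 as in the lab output above; the resequence step is only needed when no unused number remains between two entries.

```cisco
! Added example; assumes sequence 20 is the 192.168.1.0 entry and
! sequence 30 is the 192.168.2.0 entry, as in the lab output.
configure terminal
ip access-list extended ACL_Coreswitch
 ! Any unused number between 20 and 30 places the entry between them
 25 permit ip 192.168.27.0 0.0.0.255 192.168.90.0 0.0.0.255
end
! Confirm the order before relying on it
show ip access-lists ACL_Coreswitch
!
! To take an entry back out, remove it by its sequence number
configure terminal
ip access-list extended ACL_Coreswitch
 no 25
end
!
! If two neighbouring entries have no free number between them,
! renumber the list first (start at 10, step 10), then insert as above
configure terminal
ip access-list resequence ACL_Coreswitch 10 10
end
```

Entries are evaluated top-down with first match winning, so check where a new line sits relative to any broader deny or permit above it, not only that it appears in the list.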