Cisco Support Community
New Member

How to define the access list on router?

For example:

Only allow the traffic from 192.168.23.1, 192.168.23.4 and 192.168.23.8.

10 REPLIES

Re: How to define the access list on router?

HI, [Pls Rate if HELPS]

Create an Extended ACL as below:

Extended IP access list allow

10 permit ip host 192.168.23.1 any

20 permit ip host 192.168.23.4 any

30 permit ip host 192.168.23.8 any

Hope I am Informative.

Pls Rate if HELPS

Best Regards,

Guru Prasad R

New Member

Re: How to define the access list on router?

If I want to deny all the traffic except 192.168.23.1, 192.168.23.4 and 192.168.23.8, do I need to add another list to deny all the traffic?

Re: How to define the access list on router?

HI, [Pls Rate if HELPS]

Explicit deny will be available by default as the last statement. When you match the ACL, only the 3 IP addresses will be allowed and the rest will be denied by the explicit deny available by default.

Extended IP access list allow

10 permit ip host 192.168.23.1 any

20 permit ip host 192.168.23.4 any

30 permit ip host 192.168.23.8 any

Hope I am informative.

Pls Rate if HELPS

Best Regards,

Guru Prasad R

New Member

Re: How to define the access list on router?

If I only want to allow certain ports on the access list, may I know how to do it?

For example:

port:12322

port:13432

port:12324

New Member

Re: How to define the access list on router?

Hi,

Is it like that?

30 permit ip host 192.168.23.8 any port:12322

30 permit ip host 192.168.23.8 any port:13432

30 permit ip host 192.168.23.8 any port:12324

Silver

Re: How to define the access list on router?

Hi There

Not exactly. The number "30" at the start of the ACL defines the line number of the ACL that this statement will occupy and in your example you are attempting to put three statements on the one line. This will not be permitted.

However you could use

ip access-list extended 100

permit tcp host 192.168.23.1 0.0.0.255 any eq 12322

permit tcp host 192.168.23.1 0.0.0.255 any eq 13432

permit tcp host 192.168.23.1 0.0.0.255 any eq 12324

permit tcp host 192.168.23.4 0.0.0.255 any eq 12322

permit tcp host 192.168.23.4 0.0.0.255 any eq 13432

permit tcp host 192.168.23.4 0.0.0.255 any eq 12324

permit tcp host 192.168.23.8 0.0.0.255 any eq 12322

permit tcp host 192.168.23.8 0.0.0.255 any eq 13432

permit tcp host 192.168.23.8 0.0.0.255 any eq 12324

HTH

Best Regards,

Michael

Silver

Re: How to define the access list on router?

Hi Again

Actually there is an error in the ACL statements I have shown.

If you only want these statements to apply to the specific host addresses shown, leave out the wildcard mask (0.0.0.255) from all statements.

If you want these statements to apply to the entire subnets, then leave out the keyword "host" from all statements.

Best Regards,

Michael

New Member

Re: How to define the access list on router?

If the port is from 1 to 65530, it is impossible for me to define the ports one by one. Can I put it like that?

permit tcp host 192.168.23.8 0.0.0.255 any eq 1 to 65530

Silver

Re: How to define the access list on router?

Hi There

If you want to block/permit EVERY port between say 1500 and 1900 then you could use the "range" option,

i.e. permit tcp host 192.168.23.8 any range 1500 1900

However if you only want to block/permit say port 1500, 1675, 1806 & 1897, then you would need to write a single line for each individual port that you wish to cover.

HTH

Best Regards,

Michael
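Pulling the thread's corrections together, as an added example that is not from any of the posters: a named extended ACL that permits only the three hosts on the three discussed ports plus one contiguous range, and applies it inbound on an interface. The interface name, the ACL name and the choice to log the final deny are assumptions for illustration.

```ios
! Named extended ACL; the name is an assumption, pick your own
ip access-list extended ALLOW-3-HOSTS
 remark Only these three hosts may reach the application ports
 ! "host" already selects one address, so no wildcard mask follows it
 permit tcp host 192.168.23.1 any eq 12322
 permit tcp host 192.168.23.1 any eq 13432
 permit tcp host 192.168.23.1 any eq 12324
 permit tcp host 192.168.23.4 any eq 12322
 permit tcp host 192.168.23.4 any eq 13432
 permit tcp host 192.168.23.4 any eq 12324
 permit tcp host 192.168.23.8 any eq 12322
 permit tcp host 192.168.23.8 any eq 13432
 permit tcp host 192.168.23.8 any eq 12324
 ! A contiguous block of ports uses "range", not "eq 1 to N"
 permit tcp host 192.168.23.8 any range 1500 1900
 ! An implicit deny already ends every ACL; an explicit logged deny
 ! makes the dropped traffic visible in the hit counters and syslog
 deny ip any any log
!
! Apply it to the interface facing the three hosts (interface name assumed)
interface GigabitEthernet0/0
 ip access-group ALLOW-3-HOSTS in
!
! Verify which lines are matching:
!   show access-lists ALLOW-3-HOSTS
```

If you instead want whole subnets rather than single hosts, replace `host 192.168.23.x` with `192.168.23.0 0.0.0.255`, never both at once.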
