topic Re: Invalid input detected on ACL deny command in Network Security

Invalid input detected on ACL deny command

sl236 — Sat, 15 Apr 2023 15:41:28 GMT

Hi I am trying to create an access list and I keep getting a syntax error on this command:

access-list 1 deny 10.10.10.0 0.0.0.255 10.10.20.0 0.0.0.255
^

The error marker is on the start of the second VLAN ip. I am pretty sure the wildcard mask is correct because it is a simple /24 network.

Re: Invalid input detected on ACL deny command

Rob Ingram — Sat, 15 Apr 2023 15:47:34 GMT

@sl236 you need to define an extended ACL which is numbered 100-199, you also need to define the protocol (ip, tcp, udp etc). Example (modifications in bold😞

access-list 100 deny ip 10.10.10.0 0.0.0.255 10.10.20.0 0.0.0.255

FYI, you can also configure a named ACL to achieve the same thing.

Re: Invalid input detected on ACL deny command

MHM Cisco World — Sat, 15 Apr 2023 15:47:51 GMT

access-list 1 deny 10.10.10.0 0.0.0.255 10.10.20.0 0.0.0.255 <<- standard ACL only allow source OR destination
you need to use extended ACL (it start with 100)