https://community.cisco.com/t5/network-security/access-list-issue/m-p/1676824#M536037 <HTML><HEAD></HEAD><BODY><P>Hi Abbas,</P><P></P><P>If the ports you are opening for them are different then there won,t be an issue, because in the earlier ACL's you've opened port 443 and 1494. To eliminate any confusion apply the new ACL's on top of the list.</P><P></P><P>Do "show access-list", check on whihc line do you have these access-list and add the neqw acl's on top of it by using the line number in acl. for eg these existing acl's are on line 1, so for new acl's</P><P></P><P>access-list 110 line 1 permit ip 10.252.1.64 0.0.0.7 host 10.0.0.53</P><P></P><P>so the new one would be on line 1 and the rest would be pushed down.</P><P></P><P>the more specofoc access-list should always be on top.</P><P></P><P>Hope this helps</P><P></P><P>Thanks,</P><P>Varun</P></BODY></HTML> Thu, 14 Jul 2011 02:29:31 GMT varrao 2011-07-14T02:29:31Z https://community.cisco.com/t5/network-security/access-list-issue/m-p/1676823#M536035 <P>I have a access-list implemented with the following lines with 24 bit mask</P><P></P><P></P><P>access-list 110 permit tcp 10.252.1.0 0.0.0.255 host 10.0.0.201 eq 443</P><P>access-list 110 permit tcp 10.252.1.0 0.0.0.255 host 10.0.0.201 eq 1494</P><P>access-list 110 permit tcp 10.252.1.0 0.0.0.255 host 10.0.0.202 eq 443</P><P>access-list 110 permit tcp 10.252.1.0 0.0.0.255 host 10.0.0.202 eq 1494</P><P>access-list 110 permit tcp 10.252.1.0 0.0.0.255 host 10.0.0.203 eq 443</P><P> access-list 110 permit tcp 10.252.1.0 0.0.0.255 host 10.0.0.203 eq 1494</P><P></P><P>Now I want to open some additional ports but only at the 29 bit level 10.252.1.64/29 with the following lineks</P><P></P><P>access-list 110 permit ip 10.252.1.64 0.0.0.7 host 10.0.0.53</P><P>access-list 110 permit ip 10.252.1.64 0.0.0.7 host 10.0.0.70</P><P>access-list 110 permit ip 10.252.1.64 0.0.0.7 host 10.0.0.58</P><P>access-list 110 permit ip 10.252.1.64 0.0.0.7 host 10.0.0.59</P><P>access-list 110 permit ip 10.252.1.64 0.0.0.7 host 10.0.0.60</P><P>access-list 110 permit ip 10.252.1.64 0.0.0.7 host 10.0.0.48</P><P>access-list 110 permit ip 10.252.1.64 0.0.0.7 host 10.0.0.55</P><P>access-list 110 permit ip 10.252.1.64 0.0.0.7 host 10.0.91.86</P><P> access-list 110 permit ip 10.252.1.64 0.0.0.7 host 10.0.14.250</P><P></P><P>Will it work.&nbsp; because under 24 bit mask there must be a host with 10.252.1.64/24 so with the added configuration it may deny or permit everything.</P><P></P><P>Please advise!</P> Mon, 11 Mar 2019 20:58:45 GMT https://community.cisco.com/t5/network-security/access-list-issue/m-p/1676823#M536035 abbas.ali 2019-03-11T20:58:45Z https://community.cisco.com/t5/network-security/access-list-issue/m-p/1676824#M536037 <HTML><HEAD></HEAD><BODY><P>Hi Abbas,</P><P></P><P>If the ports you are opening for them are different then there won,t be an issue, because in the earlier ACL's you've opened port 443 and 1494. To eliminate any confusion apply the new ACL's on top of the list.</P><P></P><P>Do "show access-list", check on whihc line do you have these access-list and add the neqw acl's on top of it by using the line number in acl. for eg these existing acl's are on line 1, so for new acl's</P><P></P><P>access-list 110 line 1 permit ip 10.252.1.64 0.0.0.7 host 10.0.0.53</P><P></P><P>so the new one would be on line 1 and the rest would be pushed down.</P><P></P><P>the more specofoc access-list should always be on top.</P><P></P><P>Hope this helps</P><P></P><P>Thanks,</P><P>Varun</P></BODY></HTML> Thu, 14 Jul 2011 02:29:31 GMT https://community.cisco.com/t5/network-security/access-list-issue/m-p/1676824#M536037 varrao 2011-07-14T02:29:31Z