Invalid input detected on ACL deny command

sl236
Level 1

Hi, I am trying to create an access list and I keep getting a syntax error on this command:

access-list 1 deny 10.10.10.0 0.0.0.255 10.10.20.0 0.0.0.255
                                                                ^

The error marker is at the start of the second VLAN IP. I am pretty sure the wildcard mask is correct because it is a simple /24 network.

2 Accepted Solutions


@sl236 you need to define an extended ACL, which is numbered 100-199; you also need to define the protocol (ip, tcp, udp, etc.). Example (modifications in bold):

access-list 100 deny ip 10.10.10.0 0.0.0.255 10.10.20.0 0.0.0.255

FYI, you can also configure a named ACL to achieve the same thing.


access-list 1 deny 10.10.10.0 0.0.0.255 10.10.20.0 0.0.0.255 <<- a standard ACL only allows source OR destination
You need to use an extended ACL (it starts with 100).

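An added example, not part of the original thread or of any Cisco tool: a Python pre-check that diagnoses the mistake discussed above by matching the ACL number against the shape of the entry before it is pasted into a device. The function names, the expanded ranges 1300-1999 and 2000-2699, and the protocol subset are assumptions of this example; trailing options such as destination ports or `log` are not validated.

```python
import ipaddress

# Numbered IPv4 ACL ranges on Cisco IOS; only 100-199 is named in the thread.
STANDARD = ((1, 99), (1300, 1999))        # match on source address only
EXTENDED = ((100, 199), (2000, 2699))     # protocol + source + destination
PROTOCOLS = {"ip", "tcp", "udp", "icmp"}  # subset, enough for this check

def is_ipv4(tok):
    try:
        ipaddress.IPv4Address(tok)
        return True
    except ValueError:
        return False

def take_addr(tokens, bare_ok):
    """Consume 'any', 'host A' or 'A WILDCARD'; return the rest, None if malformed."""
    if tokens[:1] == ["any"]:
        return tokens[1:]
    if tokens[:1] == ["host"]:
        return tokens[2:] if len(tokens) > 1 and is_ipv4(tokens[1]) else None
    if tokens and is_ipv4(tokens[0]):
        if len(tokens) > 1 and is_ipv4(tokens[1]):
            return tokens[2:]
        return tokens[1:] if bare_ok else None  # bare address: standard ACLs only
    return None

def skip_port(tokens):  # drop optional source-port operator: eq/gt/lt/neq PORT, range LO HI
    n = {"range": 3, "eq": 2, "gt": 2, "lt": 2, "neq": 2}.get(tokens[0] if tokens else "", 0)
    return tokens[n:]

def lint(line):
    """Return 'ok' or a short diagnosis for one numbered access-list line."""
    t = line.split()
    if len(t) < 4 or t[0] != "access-list" or not t[1].isdigit() or t[2] not in ("permit", "deny"):
        return "not a numbered access-list entry"
    num, rest = int(t[1]), t[3:]
    if any(lo <= num <= hi for lo, hi in STANDARD):
        rest = take_addr(rest, bare_ok=True)
        if rest and (rest[0] in ("any", "host") or is_ipv4(rest[0])):
            return "second address on a standard ACL: use an extended ACL number"
        return "ok" if rest is not None else "bad source address"
    if any(lo <= num <= hi for lo, hi in EXTENDED):
        if rest[0] not in PROTOCOLS:
            return "extended ACL needs a protocol before the source"
        src = take_addr(rest[1:], bare_ok=False)
        dst = take_addr(skip_port(src), bare_ok=False) if src is not None else None
        return "ok" if dst is not None else "extended ACL needs source and destination"
    return "ACL number outside the numbered IPv4 ranges"
```

Calling `lint()` on the command from the question returns the "second address on a standard ACL" diagnosis, and the corrected `access-list 100 deny ip ...` line returns `ok`.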
