Solved: Need to change ACL on Cisco 2800

daveshute · ‎10-06-2010

Can someone help me out with the CLI commands for changing this one line in an ACL. I have to change it so only the following IP ranges are accepted for TCP 25.

208.65.144.0 /0.0.7.255

208.81.64.0 /0.0.3.255

I masked the public IP below with ######'s but you get the idea.

150 permit tcp any host ###.###.###.### eq smtp (2360180 matches)

Any helpd that you can provide would be greatly appreciated.

Nagaraja Thanthry · ‎10-06-2010

Hello,

Please try the following:

ip access-list extended

146 permit tcp 208.65.144.0 0.0.7.255 host ####### eq 25

147 permit tcp 208.81.64.0 0.0.3.255 host ####### eq 25

no 150 permit tcp any host ###.###.###.### eq smtp

Hope this helps.

Regards,

NT

View solution in original post

Nagaraja Thanthry · ‎10-06-2010

Hello,

146 and 147 are the sequence numbers ensuring that the new lines go before the existing lines. When you normaly configure the access-list, the router sequences it with increments of 10.

Regards,

NT

View solution in original post

Nagaraja Thanthry · ‎10-06-2010

Hello,

Please try the following:

ip access-list extended

146 permit tcp 208.65.144.0 0.0.7.255 host ####### eq 25

147 permit tcp 208.81.64.0 0.0.3.255 host ####### eq 25

no 150 permit tcp any host ###.###.###.### eq smtp

Hope this helps.

Regards,

NT

daveshute · ‎10-06-2010

Just curious what are the 146 and 147 referencing? All other items on the current ACL are incremented by 10. Does it matter?

146 permit tcp 208.65.144.0 0.0.7.255 host ####### eq 25

147 permit tcp 208.81.64.0 0.0.3.255 host ####### eq 25

Nagaraja Thanthry · ‎10-06-2010

Hello,

146 and 147 are the sequence numbers ensuring that the new lines go before the existing lines. When you normaly configure the access-list, the router sequences it with increments of 10.

Regards,

NT

daveshute · ‎10-06-2010

Thanks for all your help.