6506 access-list question

cc17926-a
Level 1

I am having a bit of trouble understanding the format of the below ACL. I am trying to find out if the subnet 172.22.8.0/24 would be filtered out from hitting the default route gateway using the below rules, as I am not clear on the syntax.

access-list 10 permit 225.3.15.13
access-list 100 permit tcp 172.20.130.0 0.0.0.255 host 192.168.5.40 eq domain log
access-list 100 permit ip 172.20.130.0 0.0.0.255 10.0.0.0 0.255.255.255 log
access-list 100 permit ip 172.20.130.0 0.0.0.255 192.168.5.0 0.0.0.255 log
access-list 100 permit ip 172.20.130.0 0.0.0.255 172.16.0.0 0.15.255.255 log
access-list 100 permit ip any any log
access-list 110 permit ip host 192.168.5.133 any log
access-list 110 permit ip host 192.168.5.135 any log

Thank you!!

1 Accepted Solution


Reza Sharifi
Hall of Fame

Since you have:

access-list 100 permit ip any any log

172.22.8.0/24 will be permitted.

HTH

3 Replies

Thank you very much for taking the time to answer me on this. Appreciate it!

Might note that this is not a single ACL, but three separate lists.

It bears reviewing which lists are applied to which interfaces before making this judgement. If 10 or 110 is applied to the interface in question, the subnet in question will be blocked - only if 100 is applied will it be permitted.
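
An added illustration, not part of the thread and not Cisco code: a small Python model of first-match evaluation with the implicit deny that ends every list, run over the three lists exactly as posted. The helper names, the sample addresses 172.22.8.10 and 203.0.113.5, and the simplification that list numbers below 100 are standard (source-only) lists are assumptions of this example.

```python
import ipaddress

# The three numbered lists from the question, copied as posted.
CONFIG = """\
access-list 10 permit 225.3.15.13
access-list 100 permit tcp 172.20.130.0 0.0.0.255 host 192.168.5.40 eq domain log
access-list 100 permit ip 172.20.130.0 0.0.0.255 10.0.0.0 0.255.255.255 log
access-list 100 permit ip 172.20.130.0 0.0.0.255 192.168.5.0 0.0.0.255 log
access-list 100 permit ip 172.20.130.0 0.0.0.255 172.16.0.0 0.15.255.255 log
access-list 100 permit ip any any log
access-list 110 permit ip host 192.168.5.133 any log
access-list 110 permit ip host 192.168.5.135 any log
"""
ANY = (0, 0xFFFFFFFF)   # (address, wildcard): every bit is "don't care"
PORTS = {"domain": 53}  # the only named port used in these lists

def _ip(s): return int(ipaddress.IPv4Address(s))
def _hit(ip, spec): return ((ip ^ spec[0]) & ~spec[1] & 0xFFFFFFFF) == 0  # wildcard 1-bits ignored

def _addr(tok, i):  # 'any' | 'host A' | 'A W' | bare 'A' -> ((addr, wildcard), next index)
    if tok[i] == "any": return ANY, i + 1
    if tok[i] == "host": return (_ip(tok[i + 1]), 0), i + 2
    if i + 1 < len(tok) and tok[i + 1][0].isdigit():
        return (_ip(tok[i]), _ip(tok[i + 1])), i + 2
    return (_ip(tok[i]), 0), i + 1  # standard-list entry with no wildcard: a single host

def parse(config):
    acls = {}
    for tok in (line.split() for line in config.splitlines()):
        num, action = int(tok[1]), tok[2]
        if num < 100:  # numbered standard list: matches on source address only
            entry = (action, "ip", _addr(tok, 3)[0], ANY, None)
        else:          # numbered extended list: protocol, source, destination, "eq port"
            src, i = _addr(tok, 4)
            dst, i = _addr(tok, i)
            port = PORTS.get(tok[i + 1], tok[i + 1]) if tok[i:i + 1] == ["eq"] else None
            entry = (action, tok[3], src, dst, None if port is None else int(port))
        acls.setdefault(num, []).append(entry)
    return acls

def evaluate(acl, src, dst, proto="tcp", dport=None):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, p, s, d, port in acl:
        if p in ("ip", proto) and port in (None, dport) and _hit(_ip(src), s) and _hit(_ip(dst), d):
            return action
    return "deny"

def verdicts(src, dst, **kw):  # one verdict per list number, since each list is evaluated alone
    return {num: evaluate(acl, src, dst, **kw) for num, acl in parse(CONFIG).items()}
```

Calling verdicts("172.22.8.10", "203.0.113.5") returns deny for list 10, permit for list 100 and deny for list 110. The model says nothing about which list is bound to which interface or direction; that still has to be read from the interface configuration.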