Solved: Re: access lists on Cisco 2900

roncro · ‎07-03-2020

Hello,

I have an access list on my Cisco 2900 router, like so:

access-list 103 permit ip host 192.168.3.17 any

and would like to have another host in there, then just the one. instead of 192.168.3.17 I want 192.168.3.17 and 192.168.3.40 in there. I could do the whole subnet, but I want just the 2 IP addresses in that access list.

(I tried: "access-list 103 permit ip host 192.168.3.17 192.168.3.40 any " but of course that didn't work.)

any ideas on how to do that?

thanks,

Ron

balaji.bandi · ‎07-03-2020

you need to add like below :

access-list 103 permit ip host 192.168.3.17 any

access-list 103 permit ip host 192.168.3.40 any

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

balaji.bandi · ‎07-03-2020

you need to add like below :

access-list 103 permit ip host 192.168.3.17 any

access-list 103 permit ip host 192.168.3.40 any

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Richard Burts · ‎07-03-2020

@balaji.bandi is quite correct about how to add an entry for a second host. I would point out that with this access list as it exists so far these 2 hosts would be the only hosts in that subnet that are permitted because of the implicit deny ip any any that is at the bottom of the access list. We do not know anything about the environment of the original post and exactly how this access list will be used. If it is to be used for something like Policy Based Routing then perhaps only permit 2 hosts is exactly what is desired. But if it is to applied to the interface to filter traffic perhaps the result is not what is really wanted.

HTH

Rick

roncro · ‎07-05-2020

Hello Richard,

that host is a data-logger and in a vlan with other stuff, that host is one of the few that actually pushes data out on the internet. So yes, that is what I wanted.

thanks,

Ron

roncro · ‎07-05-2020

cool! thanks,

sometimes it is "that" simple isn't it?