cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
238
Views
0
Helpful
8
Replies
Highlighted
Beginner

access to additional subnets

Hi everyone,

 

I have a PC in the 10.1.4.0 subnet and I need to be able to access switches in 10.1.2.0 and a NAS in 10.1.7.0.

At the moment I can ping but can't ssh to 10.1.2.0 and can neither ping nor http to 10.1.7.0 network.

 

I'd like to tweak the ACL so I can have access to both of these, can you help me out?

 

Cheers

 

Extended IP access list INTERVLAN

    10 permit ip 10.1.2.0 0.0.0.255 10.1.102.0 0.0.0.255

    20 permit ip 10.1.102.0 0.0.0.255 10.1.2.0 0.0.0.255

    30 permit ip 10.1.3.0 0.0.0.255 10.1.103.0 0.0.0.255

    40 permit ip 10.1.103.0 0.0.0.255 10.1.3.0 0.0.0.255

    50 permit ip 10.1.3.0 0.0.0.255 10.1.14.0 0.0.0.255

    60 permit ip 10.1.14.0 0.0.0.255 10.1.3.0 0.0.0.255

    70 permit ip 10.1.103.0 0.0.0.255 10.1.14.0 0.0.0.255

    80 permit ip 10.1.14.0 0.0.0.255 10.1.103.0 0.0.0.255

    90 permit ip 10.1.4.0 0.0.0.255 10.1.5.0 0.0.0.255

    100 permit ip 10.1.5.0 0.0.0.255 10.1.4.0 0.0.0.255

    110 permit ip 10.1.4.0 0.0.0.255 10.1.105.0 0.0.0.255

    120 permit ip 10.1.105.0 0.0.0.255 10.1.4.0 0.0.0.255

    130 permit ip 10.1.5.0 0.0.0.255 10.1.105.0 0.0.0.255

    140 permit ip 10.1.105.0 0.0.0.255 10.1.5.0 0.0.0.255

    150 permit ip 10.1.7.0 0.0.0.255 10.1.107.0 0.0.0.255

    160 permit ip 10.1.107.0 0.0.0.255 10.1.7.0 0.0.0.255

    170 permit ip 10.1.11.0 0.0.0.255 10.1.12.0 0.0.0.255

    180 permit ip 10.1.12.0 0.0.0.255 10.1.11.0 0.0.0.255

    190 permit ip 10.1.11.0 0.0.0.255 10.1.111.0 0.0.0.255

    200 permit ip 10.1.111.0 0.0.0.255 10.1.11.0 0.0.0.255

    210 permit ip 10.1.12.0 0.0.0.255 10.1.111.0 0.0.0.255

    220 permit ip 10.1.111.0 0.0.0.255 10.1.12.0 0.0.0.255

    230 permit ip 10.1.31.0 0.0.0.255 host 10.1.14.7

    240 permit ip 10.1.32.0 0.0.0.255 host 10.1.14.7

    250 permit ip 10.1.33.0 0.0.0.255 host 10.1.14.7

    260 permit ip host 10.1.14.7 10.1.31.0 0.0.0.255

    270 permit ip host 10.1.14.7 10.1.32.0 0.0.0.255

    280 permit ip host 10.1.14.7 10.1.33.0 0.0.0.255

    290 permit ip host 10.1.15.15 host 10.1.106.111

    300 permit ip host 10.1.106.111 host 10.1.15.15

    310 deny ip any any
Everyone's tags (1)
3 ACCEPTED SOLUTIONS

Accepted Solutions
VIP Mentor

Re: access to additional subnets

Hello,

 

looking at your access list, I think you need to add the below:

 

310 permit ip 10.1.4.0 0.0.0.255 10.1.2.0 0.0.0.255
320 permit ip 10.1.2.0 0.0.0.255 10.1.4.0 0.0.0.255
330 permit ip 10.1.4.0 0.0.0.255 10.1.7.0 0.0.0.255
340 permit ip 10.1.7.0 0.0.0.255 10.1.4.0 0.0.0.255
350 deny ip any any

Hall of Fame Guru

Re: access to additional subnets

 

121 permit ip host 10.1.4.3 10.1.2.0 0.0.0.255  <-- where 10.1.4.3 is your host

etc...

 

and yes you can insert the lines anywhere as long as they are before the last line in your acl. 

 

Jon

VIP Mentor

Re: access to additional subnets

Hello,

 

the below would permit just host 10.1.4.2:

 

121 permit ip host 10.1.4.2 10.1.2.0 0.0.0.255
122 permit ip 10.1.2.0 0.0.0.255  host 10.1.4.2
123 permit ip host 10.1.4.2 10.1.7.0 0.0.0.255
124 permit ip 10.1.7.0 0.0.0.255 host 10.1.4.2

8 REPLIES 8
VIP Mentor

Re: access to additional subnets

Hello,

 

looking at your access list, I think you need to add the below:

 

310 permit ip 10.1.4.0 0.0.0.255 10.1.2.0 0.0.0.255
320 permit ip 10.1.2.0 0.0.0.255 10.1.4.0 0.0.0.255
330 permit ip 10.1.4.0 0.0.0.255 10.1.7.0 0.0.0.255
340 permit ip 10.1.7.0 0.0.0.255 10.1.4.0 0.0.0.255
350 deny ip any any

Beginner

Re: access to additional subnets

Can I also just add it like this?

121 permit ip 10.1.4.0 0.0.0.255 10.1.2.0 0.0.0.255
122 permit ip 10.1.2.0 0.0.0.255 10.1.4.0 0.0.0.255
123 permit ip 10.1.4.0 0.0.0.255 10.1.7.0 0.0.0.255
124 permit ip 10.1.7.0 0.0.0.255 10.1.4.0 0.0.0.255

Beginner

Re: access to additional subnets

How about if I want to permit a specific host access to the subnet? When I think about it I only want my admin PC to have full access - not every computer in my subnet.

 

Cheers

Hall of Fame Guru

Re: access to additional subnets

 

121 permit ip host 10.1.4.3 10.1.2.0 0.0.0.255  <-- where 10.1.4.3 is your host

etc...

 

and yes you can insert the lines anywhere as long as they are before the last line in your acl. 

 

Jon

VIP Mentor

Re: access to additional subnets

Sorry, didn't see that you already answered that one...

 

VIP Mentor

Re: access to additional subnets

Hello,

 

the below would permit just host 10.1.4.2:

 

121 permit ip host 10.1.4.2 10.1.2.0 0.0.0.255
122 permit ip 10.1.2.0 0.0.0.255  host 10.1.4.2
123 permit ip host 10.1.4.2 10.1.7.0 0.0.0.255
124 permit ip 10.1.7.0 0.0.0.255 host 10.1.4.2

VIP Mentor

Re: access to additional subnets

Hello,

 

that's fine, too, it doesn't matter where in the access list the sequences are put...

Beginner

Re: access to additional subnets

cheers guys, works like a charm
CreatePlease to create content
Content for Community-Ad
July's Community Spotlight Awards