07-23-2009 05:06 AM - edited 03-04-2019 05:31 AM
Greetings:
I'm attempting to add the following access-list to the router and apply the access-group to the WAN facing interface:
access-list 150 permit ip 10.233.0.0 255.255.255.0 172.16.0.73 255.255.255.255
access-list 150 permit ip 10.233.0.0 255.255.255.0 172.16.5.30 255.255.255.255
access-list 150 permit ip 10.233.0.0 255.255.255.0 10.1.7.136 255.255.255.255
access-list 150 permit ip 10.233.0.0 255.255.255.0 10.1.7.137 255.255.255.255
access-list 150 permit ip 10.233.0.0 255.255.255.0 10.1.7.139 255.255.255.255
access-list 150 permit ip 10.233.0.0 255.255.255.0 10.1.4.43 255.255.255.255
access-list 150 permit ip 10.233.0.0 255.255.255.0 172.28.0.7 255.255.255.255
access-list 150 permit ip 10.233.0.0 255.255.255.0 172.28.0.75 255.255.255.255
access-list 150 permit ip 10.233.0.0 255.255.255.0 172.28.0.110 255.255.255.255
access-list 150 permit ip 10.233.0.0 255.255.255.0 172.28.0.111 255.255.255.255
access-list 150 permit ip 10.233.0.0 255.255.255.0 172.16.5.143 255.255.255.255
access-list 150 permit ip 10.233.0.0 255.255.255.0 172.16.5.142 255.255.255.255
access-list 150 permit ip 10.233.0.0 255.255.255.0 172.16.5.147 255.255.255.255
When I add access-list 150 to the configuration, save it, and check the running-config - this is all that shows:
access-list 150 permit ip 0.0.0.0 255.255.255.0 any
I've deleted access-list 150 and re-attempted to add it back with the same results.
Any ideas?
07-23-2009 05:14 AM
Hi,
Your ACL's network mask is configured wrong; the mask should be an inverse mask. Assuming your network 10.233.0.0 is /24, the configuration should be something like this:
access-list 150 permit ip 10.233.0.0 0.0.0.255 host 172.16.0.73
access-list 150 permit ip 10.233.0.0 0.0.0.255 host 172.16.5.147
Note that a host address can be written in the format host x.x.x.x or x.x.x.x 0.0.0.0.
Also, what do you want to accomplish with the last one, apart from the mask being wrong?
HTH,
jerry
07-23-2009 05:42 AM
Thanks for the prompt reply!!
That did the trick. This is actually a vendor's switch - so I was working off of their recommended ACL list.
Not sure about your last comment regarding what we want to accomplish with the last one ??
07-23-2009 05:56 AM
Hi,
I am referring to this ACL
access-list 150 permit ip 0.0.0.0 255.255.255.0 any
especially 0.0.0.0 255.255.255.0, what are you trying to accomplish here?
Regards,
jerry
07-23-2009 06:01 AM
Ah - when I pasted the (wrongly configured) list to the router - and saved the configuration - when I did a 'show running-config' that was the only entry for access-list 150 listed.
Now the correct list is there and applied to the WAN interface!
Thanks Jerry for all of your help!!
07-23-2009 06:05 AM
Oh, okay, not a problem. And glad that I can help here.
Regards,
jerry
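An added example, not part of the original thread: a Python model of what happens when the mask fields of an extended ACL entry are read as wildcards, showing why every pasted entry reduces to the single line seen in the running-config and what the corrected entries look like. The function names are hypothetical, and the rendering rules are a model of the behaviour reported in the thread, not Cisco code.

```python
import ipaddress

# Three of the entries pasted in the original question (subnet-mask style).
PASTED = [
    "access-list 150 permit ip 10.233.0.0 255.255.255.0 172.16.0.73 255.255.255.255",
    "access-list 150 permit ip 10.233.0.0 255.255.255.0 10.1.7.136 255.255.255.255",
    "access-list 150 permit ip 10.233.0.0 255.255.255.0 172.28.0.7 255.255.255.255",
]

def _int(addr):
    return int(ipaddress.IPv4Address(addr))

def _quad(value):
    return str(ipaddress.IPv4Address(value))

def mask_to_wildcard(mask):
    """Invert a subnet mask: 255.255.255.0 -> 0.0.0.255."""
    return _quad(_int(mask) ^ 0xFFFFFFFF)

def ios_view(addr, wildcard):
    """Render an address/wildcard pair. Wildcard bits set to 1 mean
    "don't care", so those bits of the address are zeroed."""
    w = _int(wildcard)
    if w == 0xFFFFFFFF:          # every bit ignored
        return "any"
    if w == 0:                   # every bit must match
        return "host " + addr
    return f"{_quad(_int(addr) & ~w & 0xFFFFFFFF)} {wildcard}"

def as_stored(line):
    """Read the two mask fields of an entry as wildcards."""
    head, src, smask, dst, dmask = line.rsplit(None, 4)
    return f"{head} {ios_view(src, smask)} {ios_view(dst, dmask)}"

def corrected(line):
    """Rewrite a subnet-mask style entry with inverse masks."""
    head, src, smask, dst, dmask = line.rsplit(None, 4)
    fixed = f"{head} {src} {mask_to_wildcard(smask)} {dst} {mask_to_wildcard(dmask)}"
    return as_stored(fixed)

def collapse(lines):
    """Distinct entries left after every line is read with wildcard semantics."""
    return list(dict.fromkeys(as_stored(l) for l in lines))

if __name__ == "__main__":
    print(collapse(PASTED))      # one entry: source x.x.x.0, destination any
    for entry in PASTED:
        print(corrected(entry))
```

Read as a wildcard, 255.255.255.0 ignores the first three octets and matches only on a last octet of 0, so the collapsed entry permits sources the vendor list never intended and omits the 10.233.0.0/24 hosts it was meant to cover.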