01-16-2018 04:32 AM - edited 03-05-2019 09:46 AM
I feel like I'm going mad here. I'm trying to create an ACL to place on VTY interfaces but my permit tcp 172.16.0.0 0.240.255.255 any eq 22 command is getting changed to permit tcp 172.0.0.0 0.240.255.255 any eq 22 once committed! It's changing the .16 to a .0!
See below...
YSSAPLCSSWI001#conf t
Enter configuration commands, one per line. End with CNTL/Z.
YSSAPLCSSWI001(config)#ip access-list extended SSH_ACCESS
YSSAPLCSSWI001(config-ext-nacl)#$addresses permitted to SSH on to the device
YSSAPLCSSWI001(config-ext-nacl)# remark #Allow established
YSSAPLCSSWI001(config-ext-nacl)# permit tcp any any established
YSSAPLCSSWI001(config-ext-nacl)#remark #RFC1918 Addresses
YSSAPLCSSWI001(config-ext-nacl)#permit tcp 10.0.0.0 0.255.255.255 any eq 22
YSSAPLCSSWI001(config-ext-nacl)#permit tcp 172.16.0.0 0.240.255.255 any eq 22
YSSAPLCSSWI001(config-ext-nacl)# permit tcp 192.168.0.0 0.0.255.255 any eq 22
YSSAPLCSSWI001(config-ext-nacl)# remark #Log any denies
YSSAPLCSSWI001(config-ext-nacl)# deny ip any any log
YSSAPLCSSWI001(config-ext-nacl)#ex
YSSAPLCSSWI001(config)#do show ip access-list SSH_ACCESS
Extended IP access list SSH_ACCESS
10 permit tcp any any established
20 permit tcp 10.0.0.0 0.255.255.255 any eq 22
30 permit tcp 172.0.0.0 0.240.255.255 any eq 22
40 permit tcp 192.168.0.0 0.0.255.255 any eq 22
50 deny ip any any log
This is preventing SSH connections from our 172 network spaces, as the ACL is rejecting them. Am I missing something obvious?
01-16-2018 04:35 AM - edited 01-16-2018 04:36 AM
permit tcp 172.16.0.0 0.15.255.255
Jon
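Why the committed entry reads 172.0.0.0, and why 0.15.255.255 is the wildcard for 172.16.0.0/12, worked through as an added example that is not part of the original thread. It assumes the usual wildcard semantics (a 1 bit means "don't care") and that the device stores the address with those bits cleared, which is what the show output above reflects; the function names and the sample source addresses are constructed for illustration.

```python
import ipaddress

MASK32 = 0xFFFFFFFF

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def normalize(address, wildcard):
    """Clear every address bit the wildcard marks as don't-care (wildcard bit = 1)."""
    stored = to_int(address) & ~to_int(wildcard) & MASK32
    return str(ipaddress.IPv4Address(stored))

def matches(source, address, wildcard):
    """A source matches when all bits with wildcard bit 0 equal the entry's bits."""
    care = ~to_int(wildcard) & MASK32
    return (to_int(source) & care) == (to_int(address) & care)

def wildcard_for(cidr):
    """Wildcard mask for a CIDR block: the bitwise inverse of its netmask."""
    return str(ipaddress.ip_network(cidr).hostmask)

def matched_second_octets(address, wildcard):
    """Second-octet values (first octet kept) that the entry would permit."""
    first = address.split(".")[0]
    return [o for o in range(256)
            if matches(f"{first}.{o}.0.1", address, wildcard)]

if __name__ == "__main__":
    typed = ("172.16.0.0", "0.240.255.255")   # entry from the question
    fixed = ("172.16.0.0", "0.15.255.255")    # entry from the answer
    for label, (addr, wc) in (("typed", typed), ("fixed", fixed)):
        print(label, "stored as", normalize(addr, wc), wc)
        print("  second octets matched:", matched_second_octets(addr, wc))
    # Constructed sample sources inside and outside 172.16.0.0/12
    for src in ("172.16.1.10", "172.20.5.9", "172.31.255.1", "172.32.0.1"):
        print(src, "typed:", matches(src, *typed), "fixed:", matches(src, *fixed))
    print("wildcard for 172.16.0.0/12:", wildcard_for("172.16.0.0/12"))
```

With 0.240.255.255 the high four bits of the second octet are ignored and the low four must be zero, so only second octets 0, 16, 32 ... 240 match; 0.15.255.255 fixes the high four bits at 0001 and ignores the low four, giving 16 through 31.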
01-16-2018 04:41 AM