05-07-2008 12:36 AM - edited 03-03-2019 09:50 PM
How to define the access list on router?
For example:
Only allow the traffic from 192.168.23.1, 192.168.23.4 and 192.168.23.8.
05-07-2008 12:42 AM
Hi, [Pls Rate if HELPS]
Create an extended ACL as below:
Extended IP access list allow
10 permit ip host 192.168.23.1 any
20 permit ip host 192.168.23.4 any
30 permit ip host 192.168.23.8 any
Hope I am Informative.
Pls Rate if HELPS
Best Regards,
Guru Prasad R
05-07-2008 01:04 AM
If I want to deny all the traffic except 192.168.23.1, 192.168.23.4 and 192.168.23.8, do I need to add another list to deny all the traffic?
05-07-2008 01:13 AM
Hi, [Pls Rate if HELPS]
Explicit deny will be available by default as the last statement. When you match the ACL, the 3 IP addresses will only be allowed and all the rest will be denied using the explicit deny available by default.
Extended IP access list allow
10 permit ip host 192.168.23.1 any
20 permit ip host 192.168.23.4 any
30 permit ip host 192.168.23.8 any
Hope I am informative.
Pls Rate if HELPS
Best Regards,
Guru Prasad R
05-07-2008 01:46 AM
If I only want to allow certain ports on the access list, may I know how to do it?
For example:
port:12322
port:13432
port:12324
05-07-2008 02:00 AM
Hi,
Is it like that?
30 permit ip host 192.168.23.8 any port:12322
30 permit ip host 192.168.23.8 any port:13432
30 permit ip host 192.168.23.8 any port:12324
05-07-2008 02:28 AM
Hi There
Not exactly. The number "30" at the start of the ACL defines the line number of the ACL that this statement will occupy and in your example you are attempting to put three statements on the one line. This will not be permitted.
However you could use
ip access-list extended 100
permit tcp host 192.168.23.1 0.0.0.255 any eq 12322
permit tcp host 192.168.23.1 0.0.0.255 any eq 13432
permit tcp host 192.168.23.1 0.0.0.255 any eq 12324
permit tcp host 192.168.23.4 0.0.0.255 any eq 12322
permit tcp host 192.168.23.4 0.0.0.255 any eq 13432
permit tcp host 192.168.23.4 0.0.0.255 any eq 12324
permit tcp host 192.168.23.8 0.0.0.255 any eq 12322
permit tcp host 192.168.23.8 0.0.0.255 any eq 13432
permit tcp host 192.168.23.8 0.0.0.255 any eq 12324
HTH
Best Regards,
Michael
05-07-2008 03:19 AM
Hi Again
Actually there is an error in the ACL statements I have shown.
If you only want these statements to apply to the specific host addresses shown, leave out the wildcard mask (0.0.0.255) from all statements.
If you want these statements to apply to the entire subnets, then leave out the keyword "host" from all statements.
Best Regards,
Michael
05-07-2008 03:38 AM
If the port is from 1 to 65530, it is impossible for me to define the ports one by one. Can I put it like that?
permit tcp host 192.168.23.8 0.0.0.255 any eq 1 to 65530
05-07-2008 04:51 AM
Hi There
If you want to block/permit EVERY port between say 1500 and 1900 then you could use the "range" option
i.e. permit tcp host 192.168.23.8 0.0.0.255 any range 1500 1900
However if you only want to block/permit say port 1500, 1675, 1806 & 1897, then you would need to write a single line for each individual port that you wish to cover.
HTH
Best Regards,
Michael
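To show how the entries discussed in this thread are actually evaluated (first matching line wins, anything unmatched falls to the implicit deny at the end, "host" versus a wildcard mask, "eq" versus "range"), here is an added Python simulator; it is not code from the thread or from Cisco IOS, it assumes IOS-style extended ACL syntax with only destination-port operators, and the ACL it loads is a constructed one based on the hosts and ports above.

```python
import ipaddress

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def parse_addr(tokens):
    # 'any', 'host A.B.C.D' or 'A.B.C.D WILDCARD' (wildcard 1 bits = don't care)
    if tokens[0] == "any":
        return (0, 0), 1
    if tokens[0] == "host":
        return (_ip(tokens[1]), 0xFFFFFFFF), 2
    return (_ip(tokens[0]), ~_ip(tokens[1]) & 0xFFFFFFFF), 2

def parse_ports(tokens):
    # destination-port operator: none (all ports), 'eq N' or 'range LO HI'
    if not tokens:
        return 0, 65535
    if tokens[0] == "eq":
        return int(tokens[1]), int(tokens[1])
    if tokens[0] == "range":
        return int(tokens[1]), int(tokens[2])
    raise ValueError("unsupported port operator: " + tokens[0])

def parse_ace(line):
    t = line.split()  # action proto src dst [port-operator]
    src, n = parse_addr(t[2:])
    dst, m = parse_addr(t[2 + n:])
    return t[0], t[1], src, dst, parse_ports(t[2 + n + m:])

def matches(ace, pkt):
    _, proto, (snet, smask), (dnet, dmask), (lo, hi) = ace
    src, dst, pkt_proto, dport = pkt
    if proto != "ip" and proto != pkt_proto:
        return False
    if (_ip(src) & smask) != (snet & smask) or (_ip(dst) & dmask) != (dnet & dmask):
        return False
    return proto == "ip" or lo <= dport <= hi  # 'ip' entries ignore ports

def evaluate(acl, pkt):
    # first matching entry wins; no match falls through to the implicit deny
    for line in acl:
        ace = parse_ace(line)
        if matches(ace, pkt):
            return ace[0]
    return "deny"

# Constructed ACL: the thread's hosts limited to the listed ports, plus one
# subnet entry using the 'range' operator for a contiguous port block.
ACL = [
    "permit tcp host 192.168.23.1 any eq 12322",
    "permit tcp host 192.168.23.4 any eq 13432",
    "permit tcp host 192.168.23.8 any eq 12324",
    "permit tcp 192.168.23.0 0.0.0.255 any range 1500 1900",
]
```

Packets are tuples of (source, destination, protocol, destination port); a packet from 192.168.23.1 to TCP port 80 is denied even though the host is listed, because no line permits that port.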