09-14-2006 05:27 AM - edited 03-03-2019 02:00 PM
Recently we incorporated an ACL on all our devices for the read SNMP string (had it for write). My ACL looks like this:
access-list 1300 remark ACS for SNMP Read
access-list 1300 permit host 10.1.1.150
access-list 1300 permit 10.1.17.0 0.0.0.254
access-list 1300 permit 10.1.8.0 0.0.0.254
access-list 1300 permit 10.1.36.0 0.0.0.255
access-list 1300 deny any log
snmp-server community XXXX RO 1300
When I look at the log, 10.1.8.69 (Whats Up Server) is getting denied, falling into the deny any any section of this ACL. Any suggestions?
09-14-2006 05:39 AM
Hi,
Your access-list has two wildcard masks of 0.0.0.254.
This means any odd numbered host will be denied because the last bit in the IP address has to be zero. Replace it with 0.0.0.255 and it should work.
Hope this helps! Please rate all posts.
Regards, Martin
09-14-2006 06:29 AM
Your permit 10.1.8.0 0.0.0.254 only permits even numbered devices on the last octet.
09-14-2006 06:43 AM
Our intention was to permit 10.1.8.X and 10.1.9.X with this line. What would that command look like?
09-14-2006 06:53 AM
access-list 1300 permit 10.1.8.0 0.0.1.255
Now this will not work for the .17; if you want .17 and .18 you will need to put in
access-list 1300 permit 10.1.17.0 0.0.0.255
access-list 1300 permit 10.1.18.0 0.0.0.255
09-14-2006 08:04 PM
Hi
To permit only the .8 and .9 networks I think you need two statements
access-list 1300 permit 10.1.8.0 0.0.0.255
access-list 1300 permit 10.1.9.0 0.0.0.255
The wildcard mask looks for an exact match if 0 is there, and if 1 is there it can be anything.
If you want only a single statement for both networks,
try using this
access-list 1300 permit 10.1.8.0 0.0.9.255
HTH
Thanks
Raj
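A way to check which source addresses each wildcard mask quoted in this thread actually matches before applying it to a device, as an added example that is not part of the original posts. The function names are illustrative, and the ACL is modelled here as (action, address, wildcard) tuples copied from the thread's access-list 1300 lines.

```python
import ipaddress

def _u32(dotted):
    """Dotted-quad string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))

def entry_matches(src, base, wildcard):
    """Wildcard-mask match: 1-bits in the wildcard are ignored,
    0-bits must be identical in the source and the entry's address."""
    care = ~_u32(wildcard) & 0xFFFFFFFF
    return (_u32(src) & care) == (_u32(base) & care)

def first_match(acl, src):
    """Walk the ACL top-down and return the first entry that matches src."""
    for action, base, wildcard in acl:
        if entry_matches(src, base, wildcard):
            return action, base, wildcard
    return ("deny", "implicit", "")  # nothing matched: implicit deny

def third_octets(base, wildcard):
    """Third-octet values covered by an entry (other octets not examined)."""
    b = int(base.split(".")[2])
    w = int(wildcard.split(".")[2])
    return [o for o in range(256) if (o & ~w & 0xFF) == (b & ~w & 0xFF)]

# ACL 1300 as posted in the question ("host X" is wildcard 0.0.0.0,
# "any" is 0.0.0.0 255.255.255.255).
ORIGINAL = [
    ("permit", "10.1.1.150", "0.0.0.0"),
    ("permit", "10.1.17.0", "0.0.0.254"),
    ("permit", "10.1.8.0", "0.0.0.254"),
    ("permit", "10.1.36.0", "0.0.0.255"),
    ("deny", "0.0.0.0", "255.255.255.255"),
]

if __name__ == "__main__":
    for src in ("10.1.8.69", "10.1.8.68"):
        print(src, "->", first_match(ORIGINAL, src))
    # Masks proposed in the replies for covering two adjacent /24s.
    for base, wc in (("10.1.8.0", "0.0.1.255"),
                     ("10.1.17.0", "0.0.1.255"),
                     ("10.1.8.0", "0.0.9.255")):
        print(base, wc, "covers 10.1.x.* for x in", third_octets(base, wc))
```

For an SNMP community ACL, any third-octet value in the output beyond the intended subnets is a network that can also poll the device.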