Buy or Renew
Buy or Renew
Notice: The file download function is disabled. We apologize for the inconvenience.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
943
Views
0
Helpful
3
Replies

4500-X VSS Pair IP access-list extended shows up as all 0s

Go to solution
ndemers
Cisco Employee
Cisco Employee

‎10-14-2015 01:50 PM - edited ‎03-08-2019 02:13 AM

The access-list is not being implemented properly.    Why are they showing up as 0's for the subnet portion?

 

 

Example-4500X-01(config)#ip access-list extended 155 
Example-4500X-01(config-ext-nacl)#
Example-4500X-01(config-ext-nacl)#permit tcp 192.168.155.0 255.255.255.0 192.168.164.0 255.255.255.0 eq 22609
Example-4500X-01(config-ext-nacl)#permit ip 192.168.155.0 255.255.255.0 192.168.166.0 255.255.255.0 
Example-4500X-01(config-ext-nacl)#permit ip 192.168.155.0 255.255.255.0 192.168.174.0 255.255.255.0 
Example-4500X-01(config-ext-nacl)#deny ip 192.168.155.0 255.255.255.0 any
Example-4500X-01(config-ext-nacl)#
Example-4500X-01(config-ext-nacl)#^Z
Example-4500X-01#show acce
Example-4500X-01#show access-l
Example-4500X-01#show access-lists 155
Extended IP access list 155
    10 permit tcp 0.0.0.0 255.255.255.0 0.0.0.0 255.255.255.0 eq 22609
    20 permit ip 0.0.0.0 255.255.255.0 0.0.0.0 255.255.255.0
    30 deny ip 0.0.0.0 255.255.255.0 any
Example-4500X-01#

 

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
acampbell
VIP Alumni
VIP Alumni

‎10-14-2015 02:16 PM

Hi,

You need t ouse wildcard masks for access lists
You also dont need the last clause as there is always
an implicit deny any at the end of all access lists.

!
ip access-list extended 155
permit tcp 192.168.155.0 0.0.0.255 192.168.164.0 0.0.0.255 eq 22609
permit ip 192.168.155.0 0.0.0.255 192.168.166.0 0.0.0.255
permit ip 192.168.155.0 0.0.0.255 192.168.174.0 0.0.0.255
!
end
!

Regards
Alex

Regards, Alex. Please rate useful posts.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
acampbell
VIP Alumni
VIP Alumni

‎10-14-2015 02:16 PM

Hi,

You need t ouse wildcard masks for access lists
You also dont need the last clause as there is always
an implicit deny any at the end of all access lists.

!
ip access-list extended 155
permit tcp 192.168.155.0 0.0.0.255 192.168.164.0 0.0.0.255 eq 22609
permit ip 192.168.155.0 0.0.0.255 192.168.166.0 0.0.0.255
permit ip 192.168.155.0 0.0.0.255 192.168.174.0 0.0.0.255
!
end
!

Regards
Alex

Regards, Alex. Please rate useful posts.
0 Helpful

Go to solution
ndemers
Cisco Employee
Cisco Employee
In response to acampbell

‎10-14-2015 03:16 PM

I claim an average of 4 hours asleep a night for almost a week as my excuse....and dyslexia and any other excuse I can think of.  :)

I appreciate the sanity check I totally misread the context sensitive help

 

 

 

 

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎10-14-2015 02:23 PM

See Alex's reply.

Jon

0 Helpful
Customers Also Viewed These Support Documents