
Access-List configuration help

worldpeace
Level 1

Hello, I need insights on access-list configurations.

I have two subnets sitting on two separate VLANs as follows:

192.168.1.145/29

192.168.1.153/29

I need to permit access from a server (host IP address is 192.168.1.149) in subnet 192.168.1.145/29 to access the entire subnet 192.168.1.153/29 via port say 25... what subnet mask should I use for the destination address?

Here's what I entered:

access-list it_dept permit tcp host 192.168.1.149 192.168.1.153 0.0.0.7 eq 25.

Please let me know if the above statement is correct and the correct subnet mask I should use.

Thanks,


lgijssel
Level 9

You are making a mistake with the addressing.

In an ACL you must use the network address where you entered the first host address:

192.168.1.145/29 should be 192.168.1.144/29

192.168.1.153/29 should be 192.168.1.152/29

The ACL mask is correct: 0.0.0.7 (3 bits)

regards,

Leo

Thanks Leo!

I will rate it

Thanks!

Keep up the good work.

Leo

lgijssel
Level 9

Always glad to help. And thank you for not rating.

Peace for the World!

Leo

Nagaraja Thanthry
Cisco Employee

Hello,

From your description, it seems like you want to access the server (.149) from the clients in .152 subnet. The access-list depends on where you apply it. If you apply it to the interface that is the default gateway for the server, then the access-list will look like below:

access-list it_dept permit tcp host 192.168.1.149 eq "Server Port" 192.168.1.152 0.0.0.7

If you apply it to the default gateway of the clients, then

access-list it_dept permit tcp 192.168.1.152 0.0.0.7 host 192.168.1.149 eq "Server port"

Hope this helps.

Regards,

NT
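
Added example, not part of the original thread or any poster's own code: a Python check of the network-address and wildcard-mask arithmetic discussed above, using the addresses from the question. The helper names (`ace_operand`, `wildcard_match`, `covered`, `build_ace`) are hypothetical, and the probe addresses are constructed for illustration.

```python
import ipaddress

def ace_operand(cidr):
    """Turn any address/prefix in a subnet into the 'network wildcard' pair an ACE uses."""
    net = ipaddress.ip_interface(cidr).network      # host bits are zeroed here
    return f"{net.network_address} {net.hostmask}"  # hostmask is the inverse of the netmask

def wildcard_match(addr, base, wildcard):
    """Wildcard semantics: a 1 bit in the wildcard means 'ignore this bit'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF                          # bits that must be equal
    return (a & care) == (b & care)

def covered(base, wildcard, candidates):
    """Return the candidate addresses that the base/wildcard pair matches."""
    return [c for c in candidates if wildcard_match(c, base, wildcard)]

def build_ace(name, src_host, src_cidr, dst_cidr, port):
    """Build the permit line in the thread's syntax, refusing a source outside its subnet."""
    if ipaddress.ip_address(src_host) not in ipaddress.ip_interface(src_cidr).network:
        raise ValueError(f"{src_host} is not in the subnet of {src_cidr}")
    return f"access-list {name} permit tcp host {src_host} {ace_operand(dst_cidr)} eq {port}"

if __name__ == "__main__":
    # Addresses from the question; the probe list below is constructed sample input.
    print(build_ace("it_dept", "192.168.1.149", "192.168.1.145/29", "192.168.1.153/29", 25))
    base, wc = ace_operand("192.168.1.153/29").split()
    probes = [f"192.168.1.{n}" for n in (149, 151, 152, 153, 159, 160)]
    print(covered(base, wc, probes))
```

Running the probes against an entry before applying it confirms that the permit covers only the intended /29 and nothing in the neighbouring subnet.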
