01-12-2011 08:48 PM - edited 03-06-2019 02:57 PM
Hello, I need insights on access-list configurations.
I have two subnets sitting on two separate VLANs as follows:
192.168.1.145/29
192.168.1.153/29
I need to permit access from a server (host IP address is 192.168.1.149) in subnet 192.168.1.145/29 to access the entire subnet 192.168.1.153/29 via port, say, 25... What subnet mask should I use for the destination address?
Here's what I entered:
access-list it_dept permit tcp host 192.168.1.149 192.168.1.153 0.0.0.7 eq 25.
Please let me know if the above statement is correct and the correct subnet mask I should use.
Thanks,
01-12-2011 10:58 PM
You are making a mistake with the addressing.
In an acl you must use the network address where you entered the first host address:
192.168.1.145/29 should be 192.168.1.144/29
192.168.1.153/29 should be 192.168.1.152/29
The acl mask is correct: 0.0.0.7 (3 bits)
regards,
Leo
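The addressing correction in the reply above, worked through as an added example that is not part of the original thread: it derives the network address and wildcard mask from each address as posted, then checks which hosts an address/wildcard pair covers. The function names are hypothetical, and the matching rule assumed is the usual wildcard-mask one (a 0 bit must match, a 1 bit is ignored).

```python
import ipaddress

def acl_network_and_wildcard(addr_with_prefix):
    """Return (network address, wildcard mask) for an address written as a.b.c.d/len."""
    net = ipaddress.ip_interface(addr_with_prefix).network
    # hostmask is the inverse of the netmask, i.e. the wildcard mask
    return str(net.network_address), str(net.hostmask)

def wildcard_match(acl_addr, wildcard, candidate):
    """True when candidate equals acl_addr on every bit whose wildcard bit is 0."""
    a = int(ipaddress.IPv4Address(acl_addr))
    w = int(ipaddress.IPv4Address(wildcard))
    c = int(ipaddress.IPv4Address(candidate))
    care = ~w & 0xFFFFFFFF          # bits that must be identical
    return (a & care) == (c & care)

def matched_range(acl_addr, wildcard):
    """First and last address matched; only defined for contiguous wildcards."""
    a = int(ipaddress.IPv4Address(acl_addr))
    w = int(ipaddress.IPv4Address(wildcard))
    if w & (w + 1) != 0:            # e.g. 0.0.0.5 is not a run of low-order 1 bits
        raise ValueError("non-contiguous wildcard mask: " + wildcard)
    first = a & ~w & 0xFFFFFFFF
    return str(ipaddress.IPv4Address(first)), str(ipaddress.IPv4Address(first | w))

if __name__ == "__main__":
    # Addresses exactly as written in the question
    for posted in ("192.168.1.145/29", "192.168.1.153/29"):
        network, wildcard = acl_network_and_wildcard(posted)
        low, high = matched_range(network, wildcard)
        print(f"{posted}: use {network} {wildcard} (covers {low} - {high})")

    # The server from the question must fall inside the first subnet
    src_net, src_wc = acl_network_and_wildcard("192.168.1.145/29")
    print("server 192.168.1.149 in source subnet:",
          wildcard_match(src_net, src_wc, "192.168.1.149"))

    # Neighbouring addresses just outside the destination /29 must not match
    dst_net, dst_wc = acl_network_and_wildcard("192.168.1.153/29")
    for host in ("192.168.1.151", "192.168.1.152", "192.168.1.159", "192.168.1.160"):
        print(host, "matches destination entry:", wildcard_match(dst_net, dst_wc, host))
```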
01-13-2011 08:22 PM
Thanks, Leo!
01-14-2011 09:45 AM
I will rate it
01-14-2011 11:13 AM
Thanks!
Keep up the good work.
Leo
01-14-2011 08:16 AM
Always glad to help. And thank you for not rating.
Peace for the World!
Leo
01-14-2011 08:27 AM
Hello,
From your description, it seems like you want to access the server (.149) from the clients in .152 subnet. The access-list depends on where you apply it. If you apply it to the interface that is the default gateway for the server, then the access-list will look like below:
access-list it_dept permit tcp host 192.168.1.149 eq "Server Port" 192.168.1.152 0.0.0.7
If you apply it to the default gateway of the clients, then
access-list it_dept permit tcp 192.168.1.152 0.0.0.7 host 192.168.1.149 eq "Server port"
Hope this helps.
Regards,
NT