ACL - % Wrong number of parameters or invalid range, size or character

jpablos5 · ‎06-27-2023

Hello,

I am new to Cisco's IOS, and I am trying to run this ACL:

ip access-list extended Angiografo_Philips_to_LAN
permit ip any host 172.19.12.1
permit ip any host 192.168.11.104
permit ip any host 192.168.10.33
permit tcp any host 192.168.10.17 eq 445
permit tcp any host 192.168.10.18 eq 4000
permit tcp any host 192.168.10.18 eq 3000
permit tcp any host 192.168.10.18 eq 3335
permit tcp any host 192.168.10.70 eq 53
permit udp any host 192.168.10.70 eq 53
permit tcp any host 192.168.10.71 eq 53
permit udp any host 192.168.10.71 eq 53
permit tcp any host 192.168.10.25 eq 53
permit udp any host 192.168.10.25 eq 53
permit ip host 172.19.12.44 172.19.15.0 0.0.0.255
deny ip host 172.19.12.44 10.0.0.0 0.255.255.255
deny ip host 172.19.12.44 172.16.0.0 0.15.255.255
deny ip host 172.19.12.44 192.168.0.0 0.0.255.255
permit ip any any

But switch show this message:

UCI-INTERMEDIOS-3(config)#
UCI-INTERMEDIOS-3(config)#ip access-list extended Angiografo_Philips_to_LAN
UCI-INTERMEDIOS-3(config-ip-al)#$255.255.255 172.19.12.1 255.255.255.255
UCI-INTERMEDIOS-3(config-ip-al)#$255.255.255 192.168.11.104 255.255.255.255
UCI-INTERMEDIOS-3(config-ip-al)#$255.255.255 192.168.10.33 255.255.255.255
UCI-INTERMEDIOS-3(config-ip-al)#$.255.255.255 172.19.12.1 255.255.255.2555
UCI-INTERMEDIOS-3(config-ip-al)#$.0 255.255.255.255 host 192.168.10.17 eq 445
% Wrong number of parameters or invalid range, size or characters entered
UCI-INTERMEDIOS-3(config-ip-al)#

What mean this message?

% Wrong number of parameters or invalid range, size or characters entered

How I can to resolve it?

thanks in advance.

MHM Cisco World · ‎06-27-2023

try this and share result
ip access-list extended 100
permit ip any any
see if SW accept this or not

MHM Cisco World · ‎06-27-2023

other workaround dont use 255.255.255.255 in acl instead use host may be your hostname is long and your ACL line with 255.255.255.255 is long also that make the line exceed the limit,
so use host instead of any 255.255.255.255 in your acl and check gain

Joseph W. Doherty · ‎06-27-2023

Can you show your original ACL ACEs for:

UCI-INTERMEDIOS-3(config)#ip access-list extended Angiografo_Philips_to_LAN
UCI-INTERMEDIOS-3(config-ip-al)#$255.255.255 172.19.12.1 255.255.255.255
UCI-INTERMEDIOS-3(config-ip-al)#$255.255.255 192.168.11.104 255.255.255.255
UCI-INTERMEDIOS-3(config-ip-al)#$255.255.255 192.168.10.33 255.255.255.255
UCI-INTERMEDIOS-3(config-ip-al)#$.255.255.255 172.19.12.1 255.255.255.2555
UCI-INTERMEDIOS-3(config-ip-al)#$.0 255.255.255.255 host 192.168.10.17 eq 445
% Wrong number of parameters or invalid range, size or characters entered

Ramblin Tech · ‎06-27-2023

The ACL syntax is valid for at least some IOS platforms, as I pasted it into a CSR1000v without any errors thrown. What IOS platform are you using? Barring some extraneous non-printing control character creeping into your config line that is causing fits for the command parser, it may be possible that your platform does not support matching on a TCP port number. Yes that sounds crazy, but crazier platform-dependent idiosyncrasies have happened before, particularly with older and/or lower-end hardware.

Disclaimers: I am long in CSCO. Bad answers are my own fault as they are not AI generated.