Easy question for access-list configuration

Paolo Fenili
Level 1

Dear all,

 

I am a newbie in the Cisco world and I've encountered a problem.

In our company there are several different VLANs, one of which, for example VLAN 1 (192.168.1.0), allows wireless devices to access only some local virtual machines' IP addresses.

The problem is that I have changed these VMs' IPs and consequently the connected wireless devices cannot find the VMs.

So I logged into my Core Switch and I gave "show access-list" on the CLI with the following results:

Extended IP access list vlan1-to-vlanX

- 10 permit ip 192.168.1.0 0.0.0.255 host 192.168.2.3

- 20 permit ip 192.168.1.0 0.0.0.255 host 192.168.2.4

...and so on up to

- 80 deny ip any any (39 matches)

 

To solve the problem and modify the destination IP addresses I thought to give these commands:

--------------------------------------------

"conf t"

"no 10 permit ip 192.168.1.0 0.0.0.255 host 192.168.2.3"

"^Z"

"conf t"

"10 permit ip 192.168.1.0 0.0.0.255 host 192.168.X.X"

----------------------------------------------

Is that right?

 

Thank you very much in advance for your cooperation

 

Accepted Solutions

Hello

You're nearly correct, just a slight change

 

sh ip access-list vlan1-to-vlan

 

conf t
ip access-list extended vlan1-to-vlan

no 10

10 permit ip 192.168.1.0 0.0.0.255 host 192.168.X.X
exit

 

 

res

Paul

 

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
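
The change in the accepted answer above, generalised to several entries, as an added example that is not part of the thread or of any Cisco tooling: it parses `show access-list` output and emits the `no <seq>` / `<seq> permit ...` pairs to enter in named-ACL configuration mode. The sample output is constructed from the lines quoted in the question, and the new address 192.168.5.3 is a hypothetical value.

```python
import ipaddress
import re

# Constructed sample of "show access-list" output, modelled on the thread.
SHOW_OUTPUT = """\
Extended IP access list vlan1-to-vlanX
    10 permit ip 192.168.1.0 0.0.0.255 host 192.168.2.3
    20 permit ip 192.168.1.0 0.0.0.255 host 192.168.2.4
    80 deny ip any any (39 matches)
"""

HEADER = re.compile(r"^Extended IP access list (\S+)$")
ENTRY = re.compile(r"^\s*(\d+) (permit|deny) (.+?)(?: \(\d+ match(?:es)?\))?$")

def parse_acl(text):
    """Return (acl_name, [(seq, action, match_spec), ...]) from show output."""
    name, entries = None, []
    for line in text.splitlines():
        if m := HEADER.match(line.strip()):
            name = m.group(1)
        elif m := ENTRY.match(line):
            entries.append((int(m.group(1)), m.group(2), m.group(3)))
    if name is None:
        raise ValueError("no extended ACL header found")
    return name, entries

def readdress(text, moves):
    """Build the config lines that re-point 'host <old>' destinations.

    moves maps old VM address -> new VM address (hypothetical values).
    Each changed entry is removed by sequence number and re-added with the
    same number, so it stays ahead of the final 'deny ip any any'.
    """
    for ip in list(moves) + list(moves.values()):
        ipaddress.IPv4Address(ip)  # reject typos before they reach the switch
    name, entries = parse_acl(text)
    cmds = ["conf t", f"ip access-list extended {name}"]
    for seq, action, spec in entries:
        m = re.search(r" host (\S+)$", spec)
        if m and m.group(1) in moves:
            new_spec = spec[: m.start()] + f" host {moves[m.group(1)]}"
            cmds += [f"no {seq}", f"{seq} {action} {new_spec}"]
    cmds.append("end")
    return cmds

if __name__ == "__main__":
    print("\n".join(readdress(SHOW_OUTPUT, {"192.168.2.3": "192.168.5.3"})))
```

Entries whose destination is not in the mapping, including the closing `deny ip any any`, are left untouched, so the output can be reviewed line by line before it is pasted into the switch.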

4 Replies

mateens
Level 1

I am not an expert at this but I would do it like this...

 

en

conf t

-Enter the specific access-list as there can be many configured i.e

Extended IP access list vlan1-to-vlanX

-Delete the unwanted acl i.e

no 10 permit ip 192.168.1.0 0.0.0.255 host 192.168.2.3

-verify with show command that the acl is deleted.

 

Then you can add your new permit entry.

 

Tip: Use a destination subnet address if you can instead of mentioning individual IP addresses.

Google subnet-calculator and use it...

 

 

Thank you for your answer @mateens

However when I apply that, it returns the following error:

en
conf t
Enter configuration commands, one per line.  End with CNTL/Z.
sc1(config)#Extended IP access list vlan1-to-vlanX
             ^
% Invalid input detected at '^' marker.

If I give this directly, it returns this error:

sc1(config)#no 10 permit ip 192.168.1.0 0.0.0.255 host 192.168.2.3
               ^ 
% Invalid input detected at '^' marker.

Paolo Fenili
Level 1

Thank you, worked like a charm!