I am looking for some help in relation to an ACL I want to stick in.
What I need is to allow certain subnets access to a host via the following TCP ports: 80, 8080, 443, 21 and 3128.
Does anyone know if it's possible to do this with a single-line ACL?
access-list 300 permit tcp 192.168.1.0 0.0.0.255 host 192.168.5.20 eq 80 8080 443 3128
Does this ACL look right?
Yes, this ACL will work if your version of IOS supports it.
** Correction **
I noticed the number of your ACL. This isn't in the range of an extended ACL (100 - 199), and the ranges don't seem to work on a numbered extended ACL. If you create a named ACL, it should work:
ip access-list ext Moreports
permit tcp 192.168.12.0 0.0.0.255 any eq 443 8080 8221 55555
I tried that but got an error on the 8080 part of the command, so it may well be that the IOS version does not support multiple ports in one command. The IOS version is 12.2(18)SXF17b.
I don't think it will work, even if it is worth trying the use of a | (pipe) between the port numbers.
If you go nearly to the end of this doc you will find:
(Optional) Compares source or destination ports. Possible operands include lt (less than), gt (greater than), eq (equal), neq (not equal), and range (inclusive range).
If the operator is positioned after the source and source-wildcard, it must match the source port.
If the operator is positioned after the destination and destination-wildcard, it must match the destination port.
The range operator requires two port numbers. All other operators require one port number.
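Added example, not part of the thread and not Cisco code: a small Python evaluator for extended ACL entries that applies the operator rules quoted above (lt/gt one port, range two inclusive, eq/neq one or more), so the single-line entry from the question and a one-port-per-line equivalent can be checked against sample packets. Any addresses, ports and ACL lines beyond those quoted in the thread are constructed.

```python
import ipaddress
# Constructed for this example: evaluate extended ACL entries under the operator rules quoted above.
def _parse_addr(tokens):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D WILDCARD' -> (addr, care-bit mask)."""
    tok = tokens.pop(0)
    if tok == "any":
        return 0, 0
    addr = int(ipaddress.IPv4Address(tokens.pop(0) if tok == "host" else tok))
    wildcard = 0 if tok == "host" else int(ipaddress.IPv4Address(tokens.pop(0)))  # host = wildcard 0.0.0.0
    return addr, ~wildcard & 0xFFFFFFFF  # a 0 bit in the wildcard means "this bit must match"

def _parse_ports(tokens):
    """Consume an optional port operator and its ports -> (op, [ports]) or None."""
    if not tokens or tokens[0] not in ("eq", "neq", "lt", "gt", "range"):
        return None
    op, ports = tokens.pop(0), []
    while tokens and tokens[0].isdigit():
        ports.append(int(tokens.pop(0)))
    # range needs exactly 2 ports, lt/gt exactly 1; eq/neq accept any count >= 1
    if not ports or len(ports) != {"range": 2, "lt": 1, "gt": 1}.get(op, len(ports)):
        raise ValueError(f"operator {op!r} given {len(ports)} port(s)")
    return op, ports

def parse_ace(line):
    """Parse one ACE; a leading 'access-list N' prefix is accepted and dropped."""
    tokens = line.split()
    if tokens[0] == "access-list":
        tokens = tokens[2:]
    action, proto = tokens.pop(0), tokens.pop(0)
    src, sport = _parse_addr(tokens), _parse_ports(tokens)  # operator after source: source port
    dst, dport = _parse_addr(tokens), _parse_ports(tokens)  # operator after destination: dest port
    return action, proto, src, sport, dst, dport

def _addr_ok(spec, addr):
    return (int(ipaddress.IPv4Address(addr)) & spec[1]) == (spec[0] & spec[1])
def _port_ok(spec, port):
    if spec is None:  # no operator: any port matches
        return True
    op, p = spec
    if op == "range":
        return p[0] <= port <= p[1]
    return {"eq": port in p, "neq": port not in p, "lt": port < p[0], "gt": port > p[0]}[op]

def evaluate(acl_lines, proto, src, sport, dst, dport):
    for action, aproto, asrc, asport, adst, adport in map(parse_ace, acl_lines):  # first match wins
        if (aproto in (proto, "ip") and _addr_ok(asrc, src) and _addr_ok(adst, dst)
                and _port_ok(asport, sport) and _port_ok(adport, dport)):
            return action
    return "deny"  # the implicit deny at the end of every ACL
```

Running the entry from the question through `evaluate` shows that port 21, listed in the requirement, is not in that line, while a version with one `eq` port per entry permits it.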