Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
20236
Views
0
Helpful
4
Replies

EXtended ACL with multiple ports

Frank Dukes
Level 1
Level 1

‎07-30-2012 03:38 AM - edited ‎03-07-2019 08:03 AM

Hi Guys,

I am looking for some help in relation to an acl i want to stick in.

What  i need is to allow certain subnets access a  host via the following tcp ports 80,8080,443,21 and 3128

Does anyone know if its possible to do this with a single line ACL.

something like

access-list 300 permit tcp 192.168.1.0 0.0.0.255 host 192.168.5.20 eq 80 8080 443 3128   

Does this acl look right.

Thanks              

1 person had this problem
Labels:
0 Helpful
4 Replies 4

John Blakley
VIP Alumni
VIP Alumni

‎07-30-2012 04:02 AM

Yes, this acl will work if your version of IOS supports it.

** Correction **

I noticed the number of your acl. This isn't the range of an extended acl (100 - 199) and the ranges don't seem to work on a numbered extended acl. If you create a named acl, it should work:

ip access-list ext Moreports

permit tcp 192.168.12.0 0.0.0.255 any eq 443 8080 8221 55555

HTH,

John

HTH, John *** Please rate all useful posts ***
0 Helpful

Frank Dukes
Level 1
Level 1
In response to John Blakley

‎07-31-2012 02:02 AM

Hi John,

I tried that but got an error on the 8080 part of the command - so it may well be the ios version does not support multiple ports in the one command. The IOS version is  12.2(18)SXF17b.

Thanks

0 Helpful

Alessio Andreoli
Level 5
Level 5
In response to Frank Dukes

‎07-31-2012 04:48 AM

Hi robert,

i don't think it will work even if it is worth to try the use of a | (pipe) between the port numbers.

http://www.cisco.com/en/US/docs/ios/12_2s/feature/guide/fsaclseq.html

If you go nearly at the end of this doc you will find :

operator

(Optional) Compares source or destination ports. Possible operands include lt (less than), gt (greater than), eq (equal), neq (not equal), and range (inclusive range).

If the operator is positioned after the source and source-wildcard, it must match the source port.

If the operator is positioned after the destination and destination-wildcard, it must match the destination port.

The range operator requires two port numbers. All other operators require one port number.

HTH

Alessio

0 Helpful

Frank Dukes
Level 1
Level 1
In response to Alessio Andreoli

‎08-03-2012 01:51 AM

Hi Alessio,

Thanks for that - i will have a look and report back.

Cheers

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card