07-30-2012 03:38 AM - edited 03-07-2019 08:03 AM
Hi Guys,
I am looking for some help in relation to an ACL I want to stick in.
What I need is to allow certain subnets to access a host via the following TCP ports: 80, 8080, 443, 21 and 3128.
Does anyone know if it's possible to do this with a single-line ACL?
Something like
access-list 300 permit tcp 192.168.1.0 0.0.0.255 host 192.168.5.20 eq 80 8080 443 3128
Does this ACL look right?
Thanks
07-30-2012 04:02 AM
Yes, this ACL will work if your version of IOS supports it.
** Correction **
I noticed the number of your ACL. This isn't in the range of an extended ACL (100 - 199) and the ranges don't seem to work on a numbered extended ACL. If you create a named ACL, it should work:
ip access-list ext Moreports
permit tcp 192.168.12.0 0.0.0.255 any eq 443 8080 8221 55555
HTH,
John
07-31-2012 02:02 AM
Hi John,
I tried that but got an error on the 8080 part of the command - so it may well be that the IOS version does not support multiple ports in the one command. The IOS version is 12.2(18)SXF17b.
Thanks
07-31-2012 04:48 AM
Hi Robert,
I don't think it will work, even if it is worth trying the use of a | (pipe) between the port numbers.
http://www.cisco.com/en/US/docs/ios/12_2s/feature/guide/fsaclseq.html
If you go nearly to the end of this doc you will find:
HTH
Alessio
08-03-2012 01:51 AM
Hi Alessio,
Thanks for that - I will have a look and report back.
Cheers
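
Where an IOS release rejects several ports after `eq`, as reported above for 12.2(18)SXF17b, the same policy can be written as one entry per port. The Python script below is an added example, not code from anyone in this thread: it rewrites multi-port entries into single-port ones. The ACL name WEB-PROXY and the function names are made up here, and only numeric ports are handled.

```python
import re

# One TCP/UDP entry whose "eq" operator is followed by two or more port numbers.
# Numeric ports only; named ports such as "www" are left untouched.
MULTI_EQ = re.compile(
    r"^(?P<head>\s*(?:access-list\s+\d+\s+)?(?:permit|deny)\s+(?:tcp|udp)\s.+?)"
    r"\s+eq\s+(?P<ports>\d+(?:\s+\d+)+)(?P<tail>(?:\s.*)?)$"
)


def expand_entry(line):
    """Return the single-port entries equivalent to one multi-port entry."""
    m = MULTI_EQ.match(line)
    if m is None:
        return [line]  # not a multi-port entry: keep it unchanged
    out = []
    for port in m.group("ports").split():
        if not 0 <= int(port) <= 65535:
            raise ValueError(f"port out of range: {port}")
        entry = f"{m.group('head')} eq {port}{m.group('tail')}"
        if entry not in out:  # drop repeated ports, keep the written order
            out.append(entry)
    return out


def expand_acl(text):
    """Expand every multi-port entry in an ACL, leaving other lines alone."""
    lines = []
    for line in text.splitlines():
        lines.extend(expand_entry(line.rstrip()))
    return "\n".join(lines)


# Constructed sample: the subnet, host and ports from the question, written
# as a named extended ACL (the name WEB-PROXY is an assumption of this example).
SAMPLE = """\
ip access-list extended WEB-PROXY
 permit tcp 192.168.1.0 0.0.0.255 host 192.168.5.20 eq 80 8080 443 21 3128
 deny ip any any log
"""

if __name__ == "__main__":
    print(expand_acl(SAMPLE))
```

Trailing keywords such as `log` are carried onto every generated entry, so the expanded list matches and logs the same traffic as the single line would.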