Solved: how to - access list for subnet range

jacob6000 · ‎06-02-2014

I have been trying to get the syntax right to allow certain outbound traffic based on subnets. the first two lines are fine but I can't get the third and fourth line to take. What is the correct way to do this?

ip access-list extended TEST
permit ip any host x.x.x.x
permit ip any host x.x.x.x

permit ip any host 65.54.54.128 0.0.0.31

permit ip any host 65.55.127.0 0.0.0.255

Thank you,

Rolando Valenzuela · ‎06-02-2014

Just remove the host keyword

*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-

permit ip any 65.54.54.128 0.0.0.127

permit ip any 65.55.127.0 0.0.0.255

permit ip any 65.55.121.128 0.0.0.63

*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-

Rolando Valenzuela

View solution in original post

mtarawne · ‎06-02-2014

Hello

permit ip any host 65.54.54.128 0.0.0.31

permit ip any host 65.55.127.0 0.0.0.255

this is not valid as you already using the keyword host and then using wild card mask . we use wild card mask if we need a range .

permit ip any host 65.54.54.128 this means permit ip any 65.54.54.128 0.0.0.0

so instead of writing 0.0.0.0 we use keyword host

hope I understood your question correctly

regards,

jacob6000 · ‎06-02-2014

Not exactly.

I need to permit or deny these ranges only:

65.54.54.128/25
65.55.121.128/27
65.55.127.0/24

What is the syntax?

Rolando Valenzuela · ‎06-02-2014