NTP access list help

the request:

-8.x needs UDP access to 20.x and 21.
-We also need 12.x subnet to be able have NTP access to the 22.x

i'm reading that as 1) 8.x needs to be able to send UDP traffic to 20.x and 21.x and 2)  12.x needs to send NTP traffic to 22.x.

based on a year old config file that was sent to me, each subnet is a vlan with extended access groups for inbound and outbound traffic. i am going to have to look at the current config when i visit my client and go from there.

would this be accomplished by?

for 1)
ip access-list extended vlan8_out
permit udp x.x.8.0 0.0.0.255 any

ip access-list extended vlan20_in
permid udp x.x.8.0 0.0.0.255 any

ip access-list extended vlan21_in
permid udp x.x.8.0 0.0.0.255 any

for 2)

ip access-list extended vlan12_out
permit udp any eq ntp x.x.22.0 0.0.0.255

ip access-list extended vlan22_in
permit udp any eq ntp x.x.22.0 0.0.0.255
LVL 1
NetrincAsked:
Who is Participating?
 
GeneralMandibleCommented:
I think this is what you're looking for:

for 1)
ip access-list extended vlan8_out
permit udp any x.x.20.0 0.0.0.255
permit udp any x.x.21.0 0.0.0.255

ip access-list extended vlan20_in
permit udp x.x.8.0 0.0.0.255 any

ip access-list extended vlan21_in
permit udp x.x.8.0 0.0.0.255 any

for 2)

ip access-list extended vlan12_out
permit udp any x.x.22.0 0.0.0.255 eq ntp

ip access-list extended vlan22_in
permit udp x.x.8.0 0.0.0.255 any eq ntp
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.