• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 434
  • Last Modified:

ACL on Cisco 3560

Hello Experts,

I have ACL's on a few internal VLAN's and folks are beginning to require the use of Webex. The website says this:

WebEx services are offered over the following IP ranges:

66.163.32.0 - 66.163.63.255
209.197.192.0 - 209.197.223.255
173.243.12.0 - 173.243.12.255 (Subnet)

http://www.webex.com/webexconnect/orgadmin/help/index.htm?toc.htm?17161.htm

Can I use an IP-range command or do I need to list each of these networks individually?

Or for example, just opening a full class B? Would you recommend against this? I can still be more granular on the edge firewall as the ACL's are more flexible. (Also I know the website says it is generally not recommended but it seems they don't change IP's very often.)

66.163.x.x
209.197.x.x

Also, do I specify the command with the mask or the wild card? For example 255.255.0.0 or 0.0.255.255?

Thanks Experts!
0
zequestioner
Asked:
zequestioner
1 Solution
 
Craig BeckCommented:
ACLs use wildcards, so 0.0.0.255 format.

You shouldn't just specify a whole /16 - that would defeat the object of the ACL, unless you're wanting to allow access to Apple (they have their own /8).

Your ACL should look something like this...

ip access-list extended WebEx
 permit ip any 66.163.32.0 0.0.31.255
 permit ip any 209.197.192.0 0.0.31.255
 permit ip any 173.243.12.0 0.0.0.255
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now