ACL on Cisco 3560

Hello Experts,

I have ACL's on a few internal VLAN's and folks are beginning to require the use of Webex. The website says this:

WebEx services are offered over the following IP ranges:

66.163.32.0 - 66.163.63.255
209.197.192.0 - 209.197.223.255
173.243.12.0 - 173.243.12.255 (Subnet)

http://www.webex.com/webexconnect/orgadmin/help/index.htm?toc.htm?17161.htm

Can I use an IP-range command or do I need to list each of these networks individually?

Or for example, just opening a full class B? Would you recommend against this? I can still be more granular on the edge firewall as the ACL's are more flexible. (Also I know the website says it is generally not recommended but it seems they don't change IP's very often.)

66.163.x.x
209.197.x.x

Also, do I specify the command with the mask or the wild card? For example 255.255.0.0 or 0.0.255.255?

Thanks Experts!
LVL 1
zequestionerAsked:
Who is Participating?
 
Craig BeckConnect With a Mentor Commented:
ACLs use wildcards, so 0.0.0.255 format.

You shouldn't just specify a whole /16 - that would defeat the object of the ACL, unless you're wanting to allow access to Apple (they have their own /8).

Your ACL should look something like this...

ip access-list extended WebEx
 permit ip any 66.163.32.0 0.0.31.255
 permit ip any 209.197.192.0 0.0.31.255
 permit ip any 173.243.12.0 0.0.0.255
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.