Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Cisco Access List Help Needed

Posted on 2014-04-03
3
371 Views
Last Modified: 2014-04-03
Hi-

I am trying to set an extend access-list only for systems 10.0.10.100 and above. My access list command is as follows.

access-list 101 permit tcp 10.0.10.100 0.0.0.255 10.0.80.0 0.0.0.255 eq www

When I, wr mem and then show config it always comes back as:

access-list 101 permit tcp 10.0.10.0 0.0.0.255 10.0.80.0 0.0.0.255 eq www

How do I change it to this just 100 and above?

Thanks in advance.
0
Comment
Question by:doctor069
3 Comments
 
LVL 27

Accepted Solution

by:
davorin earned 500 total points
ID: 39975956
I'm afraid that you will need multiple lines.
Something like:
access-list 101 permit tcp 10.0.10.100 0.0.0.27 10.0.80.0 0.0.0.255 eq www
access-list 101 permit tcp 10.0.10.128 0.0.0.127 10.0.80.0 0.0.0.255 eq www

Please check this links as I'm not sure if I have specified correct ranges:
http://www.cisco.com/c/en/us/support/docs/security/ios-firewall/23602-confaccesslists.html
http://www.tek-tips.com/viewthread.cfm?qid=1464488

Hope it is of any help.
0
 

Author Closing Comment

by:doctor069
ID: 39976068
Perfect! Thanks for your help
0
 
LVL 10

Expert Comment

by:Rafael
ID: 39976072
If you're stuck on a specific range you could always add them manually as below, but it can be long. You may be better off using a /26 or /27 range.

permit tcp 10.0.100.100 0.0.0.255 any range 80 eq www
permit tcp 10.0.100.101 0.0.0.255 any range 80 eq www
permit tcp 10.0.100.102 0.0.0.255 any range 80 eq www
permit tcp 10.0.100.103 0.0.0.255 any range 80 eq www
permit tcp 10.0.100.104 0.0.0.255 any range 80 eq www
permit tcp 10.0.100.105 0.0.0.255 any range 80 eq www
0

Featured Post

Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
How to choose hardware firewall 5 60
How to setup 3 isps on a redundant mode? 3 33
Home wifi - Does it matter what router? 9 54
Password recovery 2960S 4 9
From Cisco ASA version 8.3, the Network Address Translation (NAT) configuration has been completely redesigned and it may be helpful to have the syntax configuration for both at a glance. You may as well want to read official Cisco published AS…
Concerto Cloud Services, a provider of fully managed private, public and hybrid cloud solutions, announced today it was named to the 20 Coolest Cloud Infrastructure Vendors Of The 2017 Cloud  (http://www.concertocloud.com/about/in-the-news/2017/02/0…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

789 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question