Solved

Cisco Access List Help Needed

Posted on 2014-04-03
3
381 Views
Last Modified: 2014-04-03
Hi-

I am trying to set an extend access-list only for systems 10.0.10.100 and above. My access list command is as follows.

access-list 101 permit tcp 10.0.10.100 0.0.0.255 10.0.80.0 0.0.0.255 eq www

When I, wr mem and then show config it always comes back as:

access-list 101 permit tcp 10.0.10.0 0.0.0.255 10.0.80.0 0.0.0.255 eq www

How do I change it to this just 100 and above?

Thanks in advance.
0
Comment
Question by:doctor069
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 27

Accepted Solution

by:
davorin earned 500 total points
ID: 39975956
I'm afraid that you will need multiple lines.
Something like:
access-list 101 permit tcp 10.0.10.100 0.0.0.27 10.0.80.0 0.0.0.255 eq www
access-list 101 permit tcp 10.0.10.128 0.0.0.127 10.0.80.0 0.0.0.255 eq www

Please check this links as I'm not sure if I have specified correct ranges:
http://www.cisco.com/c/en/us/support/docs/security/ios-firewall/23602-confaccesslists.html
http://www.tek-tips.com/viewthread.cfm?qid=1464488

Hope it is of any help.
0
 

Author Closing Comment

by:doctor069
ID: 39976068
Perfect! Thanks for your help
0
 
LVL 10

Expert Comment

by:Rafael
ID: 39976072
If you're stuck on a specific range you could always add them manually as below, but it can be long. You may be better off using a /26 or /27 range.

permit tcp 10.0.100.100 0.0.0.255 any range 80 eq www
permit tcp 10.0.100.101 0.0.0.255 any range 80 eq www
permit tcp 10.0.100.102 0.0.0.255 any range 80 eq www
permit tcp 10.0.100.103 0.0.0.255 any range 80 eq www
permit tcp 10.0.100.104 0.0.0.255 any range 80 eq www
permit tcp 10.0.100.105 0.0.0.255 any range 80 eq www
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
For months I had no idea how to 'discover' the IP address of the other end of a link (without asking someone who knows), and it drove me batty. Think about it. You can't use Cisco Discovery Protocol (CDP) because it's not implemented on the ASAs.…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Suggested Courses

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question