Solved

Cisco Access List Help Needed

Posted on 2014-04-03
3
362 Views
Last Modified: 2014-04-03
Hi-

I am trying to set an extend access-list only for systems 10.0.10.100 and above. My access list command is as follows.

access-list 101 permit tcp 10.0.10.100 0.0.0.255 10.0.80.0 0.0.0.255 eq www

When I, wr mem and then show config it always comes back as:

access-list 101 permit tcp 10.0.10.0 0.0.0.255 10.0.80.0 0.0.0.255 eq www

How do I change it to this just 100 and above?

Thanks in advance.
0
Comment
Question by:doctor069
3 Comments
 
LVL 27

Accepted Solution

by:
davorin earned 500 total points
ID: 39975956
I'm afraid that you will need multiple lines.
Something like:
access-list 101 permit tcp 10.0.10.100 0.0.0.27 10.0.80.0 0.0.0.255 eq www
access-list 101 permit tcp 10.0.10.128 0.0.0.127 10.0.80.0 0.0.0.255 eq www

Please check this links as I'm not sure if I have specified correct ranges:
http://www.cisco.com/c/en/us/support/docs/security/ios-firewall/23602-confaccesslists.html
http://www.tek-tips.com/viewthread.cfm?qid=1464488

Hope it is of any help.
0
 

Author Closing Comment

by:doctor069
ID: 39976068
Perfect! Thanks for your help
0
 
LVL 10

Expert Comment

by:Rafael
ID: 39976072
If you're stuck on a specific range you could always add them manually as below, but it can be long. You may be better off using a /26 or /27 range.

permit tcp 10.0.100.100 0.0.0.255 any range 80 eq www
permit tcp 10.0.100.101 0.0.0.255 any range 80 eq www
permit tcp 10.0.100.102 0.0.0.255 any range 80 eq www
permit tcp 10.0.100.103 0.0.0.255 any range 80 eq www
permit tcp 10.0.100.104 0.0.0.255 any range 80 eq www
permit tcp 10.0.100.105 0.0.0.255 any range 80 eq www
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

From Cisco ASA version 8.3, the Network Address Translation (NAT) configuration has been completely redesigned and it may be helpful to have the syntax configuration for both at a glance. You may as well want to read official Cisco published AS…
Shadow IT is coming out of the shadows as more businesses are choosing cloud-based applications. It is now a multi-cloud world for most organizations. Simultaneously, most businesses have yet to consolidate with one cloud provider or define an offic…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

912 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now