ACL problem

Discussion in 'Cisco' started by Vorta, Mar 16, 2005.

  1. Vorta

    Vorta Guest

    Hello all,

    Trying to write a simple ACL but having problem.

    I want users from 192.168.1.0 to access any host on 192.168.2.0, for
    example, but the resulting ACL is confusing.
    This will imply they cannot access anything else.

    Here is a little capture.

    access-list 102 permit ip 69.90.225.48 255.255.255.240 69.28.216.0
    255.255.254.0

    access-list 102 deny ip any any log

    -----

    When I did a show access-list 102...I got this:

    Extended IP access list 102
    permit ip 0.0.0.0 255.255.255.240 0.0.0.0 255.255.254.0
    deny ip any any log


    What gives?

    TIA...

    John.
     
    Vorta, Mar 16, 2005
    #1
    1. Advertising

  2. Vorta

    Brian V Guest

    "Vorta" <> wrote in message
    news:...
    > Hello all,
    >
    > Trying to write a simple ACL but having problem.
    >
    > I want users from 192.168.1.0 to access any host on 192.168.2.0, for
    > example, but the resulting ACL is confusing.
    > This will imply they cannot access anything else.
    >
    > Here is a little capture.
    >
    > access-list 102 permit ip 69.90.225.48 255.255.255.240 69.28.216.0
    > 255.255.254.0
    >
    > access-list 102 deny ip any any log
    >
    > -----
    >
    > When I did a show access-list 102...I got this:
    >
    > Extended IP access list 102
    > permit ip 0.0.0.0 255.255.255.240 0.0.0.0 255.255.254.0
    > deny ip any any log
    >
    >
    > What gives?
    >
    > TIA...
    >
    > John.
    >


    The access-lists use wildcard masks, not subnet masks.
    Use:
    access-list 102 permit ip 69.90.225.48 0.0.0.15 69.28.216.0 0.0.1.255
    access-list 102 deny ip any any log
     
    Brian V, Mar 16, 2005
    #2
    1. Advertising

  3. Vorta

    Vorta Guest

    Brian V wrote:
    > "Vorta" <> wrote in message
    > news:...
    > > Hello all,
    > >
    > > Trying to write a simple ACL but having problem.
    > >
    > > I want users from 192.168.1.0 to access any host on 192.168.2.0,

    for
    > > example, but the resulting ACL is confusing.
    > > This will imply they cannot access anything else.
    > >
    > > Here is a little capture.
    > >
    > > access-list 102 permit ip 69.90.225.48 255.255.255.240 69.28.216.0
    > > 255.255.254.0
    > >
    > > access-list 102 deny ip any any log
    > >
    > > -----
    > >
    > > When I did a show access-list 102...I got this:
    > >
    > > Extended IP access list 102
    > > permit ip 0.0.0.0 255.255.255.240 0.0.0.0 255.255.254.0
    > > deny ip any any log
    > >
    > >
    > > What gives?
    > >
    > > TIA...
    > >
    > > John.
    > >

    >
    > The access-lists use wildcard masks, not subnet masks.
    > Use:
    > access-list 102 permit ip 69.90.225.48 0.0.0.15 69.28.216.0 0.0.1.255
    > access-list 102 deny ip any any log


    DOH!!!!!!

    Thanks!

    John.
     
    Vorta, Mar 16, 2005
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Shad T
    Replies:
    0
    Views:
    702
    Shad T
    Jun 29, 2004
  2. RJ45

    problem with layer2 ACL

    RJ45, Jul 1, 2004, in forum: Cisco
    Replies:
    4
    Views:
    4,754
  3. Felix Kim

    ICMP ACL Problem

    Felix Kim, Aug 25, 2004, in forum: Cisco
    Replies:
    2
    Views:
    5,696
    Andree Toonk
    Aug 26, 2004
  4. RJ45

    problem with ACL processing

    RJ45, Dec 21, 2004, in forum: Cisco
    Replies:
    2
    Views:
    1,141
    Barry Margolin
    Dec 22, 2004
  5. Vimokh
    Replies:
    3
    Views:
    5,798
    Vimokh
    Sep 6, 2006
Loading...

Share This Page