networking-forum.com - View topic - Extended access list with multiple ports

Board index » Cisco Networking » Cisco Routing and Switching

All times are UTC - 6 hours [ DST ]

Extended access list with multiple ports

Page 1 of 1

[ 10 posts ]

Print view

Previous topic | Next topic

Author

Message

mitm2010

Post subject: Extended access list with multiple ports

Posted: Fri Mar 23, 2012 3:38 am

New Member

Joined: Fri Mar 23, 2012 3:20 am
Posts: 2
Certs: MCSA, MCTS, CCNA and CCNA Security

Hello All,

I have a problem with my Cisco Catalyst 4503-E when i try to configure an extended access lists with multipleports.

The informations of my Switch are the following:
Cisco IOS Software, Catalyst 4500 L3 Switch Software (cat4500-ENTSERVICESK9-M), Version 15.0(2)SG3, RELEASE SOFTWARE (fc2)

I cannot configure the following access list:

permit tcp 192.168.1.0 0.0.0.255 host 192.168.2.1 eq 135 389 636 445 3268 3269 domain 88

I must to configure one port in line!!!

Can you help me to resolve this problem?

Best regards.

Top

Agent Zed

Post subject: Re: Extended access list with multiple ports

Posted: Fri Mar 23, 2012 6:12 am

Senior Member

Joined: Fri Sep 02, 2011 6:59 am
Posts: 362
Location: Birmingham, UK
Certs: CCNA, CCNP

I would do one line per port, it's easier to manage.

Top

wirerat

Post subject: Re: Extended access list with multiple ports

Posted: Fri Mar 23, 2012 6:19 am

Post Whore

Joined: Tue Mar 31, 2009 4:15 pm
Posts: 4442
Location: South Florida
Certs: More than none

Same thing here. It's just the way it is.

Code:

blahblah-###-s#show ver
Cisco IOS Software, Catalyst 4500 L3 Switch Software (cat4500e-IPBASEK9-M), Version 12.2(54)SG1, RELEASE SOFTWARE (fc1)

blahblah-###-s(config-ext-nacl)#permit tcp 192.168.1.0 0.0.0.255 host 192.168.2.1 eq 135 ?
  ack          Match on the ACK bit
  dscp         Match packets with given dscp value
  established  Match established connections
  fin          Match on the FIN bit
  log          Log matches against this entry
  log-input    Log matches against this entry, including input interface
  match-all    Match if all specified flags are present
  match-any    Match if any specified flag is present
  option       Match packets with given IP Options value
  precedence   Match packets with given precedence value
  psh          Match on the PSH bit
  reflect      Create reflexive access list entry
  rst          Match on the RST bit
  syn          Match on the SYN bit
  time-range   Specify a time-range
  tos          Match packets with given TOS value
  urg          Match on the URG bit
  <cr>

_________________
"See packet, be packet, you are packet. Ignore all else!" -The Networker
packetsdropped.wordpress.com

Top

burnyd

Post subject: Re: Extended access list with multiple ports

Posted: Fri Mar 23, 2012 6:35 am

Post Whore

Joined: Fri Nov 13, 2009 5:15 pm
Posts: 1957
Location: Pittsburgh
Certs: CCIE R&S,CCIP,JNCIA,VCP510

I think ios 15.0 will allow you to do access groups.

_________________
"I will prepare and some day my chance will come." - Abraham Lincoln
http://danielhertzberg.wordpress.com - I blog about networks!

Top

ristau5741

Post subject: Re: Extended access list with multiple ports

Posted: Fri Mar 23, 2012 9:42 am

Post Whore

Joined: Tue Aug 21, 2007 2:15 pm
Posts: 8303
Location: Frederick MD
Certs: Instanity

you can do a port range in a single line, but if that is too many open ports
you need to put each one as a separate entry.

_________________
"If you're good at anticipating the human mind. It leaves nothing to chance."
-Jigsaw

Top

mitm2010

Post subject: Re: Extended access list with multiple ports

Posted: Tue Mar 27, 2012 10:35 am

New Member

Joined: Fri Mar 23, 2012 3:20 am
Posts: 2
Certs: MCSA, MCTS, CCNA and CCNA Security

Hi all,

Thank you for your responses.
It's very difficult to do one line per port because i have a multiple extended access lists with multiple conditions and multiple ports by condition.

Have you any suggestion?

Best regards.

Top

mellowd

Post subject: Re: Extended access list with multiple ports

Posted: Tue Mar 27, 2012 10:46 am

CCIE #38070

Joined: Wed Jun 18, 2008 7:49 am
Posts: 12433
Location: London, UK
Certs: CCIE ,CC-NP/IP, JNCIP-SP, JNCIS-ENT, BC-/SPNE/NP

I suggest you do a port per line. Create a line, then copy and paste that into notepad. Then create 100 lines with ctrl+v and change the port on each line. It's really not that difficult

_________________
www.mellowd.co.uk/ccie/

Top

burnyd

Post subject: Re: Extended access list with multiple ports

Posted: Tue Mar 27, 2012 12:53 pm

Post Whore

Joined: Fri Nov 13, 2009 5:15 pm
Posts: 1957
Location: Pittsburgh
Certs: CCIE R&S,CCIP,JNCIA,VCP510

mitm2010 wrote:

access groups!

_________________
"I will prepare and some day my chance will come." - Abraham Lincoln
http://danielhertzberg.wordpress.com - I blog about networks!

Top

ristau5741

Post subject: Re: Extended access list with multiple ports

Posted: Tue Mar 27, 2012 12:57 pm

Post Whore

Joined: Tue Aug 21, 2007 2:15 pm
Posts: 8303
Location: Frederick MD
Certs: Instanity

burnyd wrote:

mitm2010 wrote:

access groups!

I think you meant Network Objects

_________________
"If you're good at anticipating the human mind. It leaves nothing to chance."
-Jigsaw

Top

burnyd

Post subject: Re: Extended access list with multiple ports

Posted: Tue Mar 27, 2012 2:55 pm

Post Whore

Joined: Fri Nov 13, 2009 5:15 pm
Posts: 1957
Location: Pittsburgh
Certs: CCIE R&S,CCIP,JNCIA,VCP510

^^ yes, I havent touched a ASA in the past 6 months.

_________________
"I will prepare and some day my chance will come." - Abraham Lincoln
http://danielhertzberg.wordpress.com - I blog about networks!

Top

Page 1 of 1

[ 10 posts ]

Board index » Cisco Networking » Cisco Routing and Switching

All times are UTC - 6 hours [ DST ]

Who is online

Users browsing this forum: tzmueller and 17 guests

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum