
Cisco dude help...

Vegito

Diamond Member
access-list 101 permit tcp host x.x.x.x eq ftp-data host y.y.y.y gt 1024

x.x.x.x remote host
y.y.y.y local host

this way I limit FTP data only to specific host outside and specific host inside..

my question is, say I need to go to a range of x.x.x.x/24, how do I specify that, or is it not possible?

I know you can range a port like range 1024 - 4096, but can you range a list of IP addresses to go to?
 


<< access-list 101 permit tcp host x.x.x.x eq ftp-data host y.y.y.y gt 1024 >>


this statement says "allow source x.x.x.x-FTPDATA(20) to y.y.y.y-higher than 1024"

to use a range you need to get familiar with wildcard masks. instead of using the keywords "host x.x.x.x" you would use an address and wildcard mask.

10.10.10.0 0.0.0.255 - that says any IP address in the range 10.10.10.0-255
10.10.10.0 0.0.0.63 - that says any IP address in the range 10.10.10.0-63

here is the full command syntax:
access-list access-list-number [dynamic dynamic-name [timeout minutes]] {deny | permit} protocol source source-wildcard destination destination-wildcard [precedence precedence] [tos tos] [log | log-input] [time-range time-range-name]

maybe describe exactly what you are trying to do and I can provide a good one.

command reference

better linky
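Added example, not part of either post above: a small Python helper that turns a CIDR prefix into the address/wildcard pair an extended ACL expects, rebuilds the thread's FTP-data entry with a source range, and checks which addresses the entry would actually match. The function names and the local host 192.0.2.10 are made up for illustration; 10.10.10.0 is the sample network from the reply.

```python
import ipaddress

def to_wildcard(cidr):
    """Return (base, wildcard) strings for a prefix such as 10.10.10.0/26."""
    net = ipaddress.ip_network(cidr, strict=False)
    # hostmask is the inverse of the netmask, which is the ACL wildcard
    return str(net.network_address), str(net.hostmask)

def acl_matches(addr, base, wildcard):
    """Wildcard match: bits that are 0 in the wildcard must equal the base."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wildcard))
    care = ~w & 0xFFFFFFFF          # bits the ACL actually compares
    return (a & care) == (b & care)

def ftp_data_ace(acl_number, remote_cidr, local_host):
    """Build the thread's FTP-data permit line for a remote prefix."""
    base, wc = to_wildcard(remote_cidr)
    # a /32 collapses back to the "host" keyword used in the original post
    src = f"host {base}" if wc == "0.0.0.0" else f"{base} {wc}"
    return (f"access-list {acl_number} permit tcp {src} eq ftp-data "
            f"host {local_host} gt 1024")

if __name__ == "__main__":
    # constructed sample values
    print(ftp_data_ace(101, "10.10.10.0/24", "192.0.2.10"))
    base, wc = to_wildcard("10.10.10.0/26")
    for probe in ("10.10.10.1", "10.10.10.63", "10.10.10.64"):
        print(probe, "matches" if acl_matches(probe, base, wc) else "no match")
```

Checking a few addresses on either side of the boundary before applying the entry confirms the wildcard is no wider than intended.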
 