
Further ACL problems


EtherNation_Use
Contributor II
Create Date: Jul 12 2012 4:07AM

OK here's a challenge. How to permit IP and ICMP Pings from a list of 40 subnets in an ACL. Should be straightforward? I thought so until I tried and realised the resulting ACL would be (40*8)+(40*7)=600 lines long! For each network I need the following (sorry about the lack of formatting, presently neither IE nor Chrome will persuade the forum to accept linefeeds or an attachment!!!)

entry name {
    description "xxx"
    if {
        source-address x.x.x.x/x;
        protocol icmp;
        icmp-type 8;
    } then {
        permit;
    }
}

entry name {
    description "xxx"
    if {
        source-address x.x.x.x/x;
        protocol ip;
    } then {
        permit;
    }
}

Surely I must be wrong? (from David_Rickard)

EtherNation_Use
Contributor II
Create Date: Jul 13 2012 1:10AM

Not really, the thing is that's only the main part, there is still more where port/protocol checks are needed so the whole ACL expands to over 800 lines when really there are only 100 lines in there that actually do anything - the rest is just pointless fluff around each actual ACE (from David_Rickard)

EtherNation_Use
Contributor II
Create Date: Jul 12 2012 2:15PM

Can you aggregate some subnets?
For example x.x.x.x/24 and y.y.y.y/24 to z.z.z.z/23?

--
Jarek (from Jaroslaw_Kasjaniuk)
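As an added example (not code from either poster), a small Python generator that emits the two entries per subnet in the layout shown in the question and first collapses adjacent prefixes the way Jarek suggests, so the policy shrinks before anyone has to hand-edit it. The sample subnet list, the `site` name prefix and the entry layout are assumptions for illustration; the layout copies the post and has not been checked against any particular ExtremeXOS release.

```python
"""Generate ExtremeXOS-style ACL policy entries for a list of source subnets.

Added example, not from the forum thread: mirrors the two-entries-per-subnet
layout in the question and applies the /24+/24 -> /23 aggregation from the reply.
"""
import ipaddress

# Constructed sample subnets (hypothetical). The first two are adjacent /24s
# that collapse into one /23; the others cannot be merged.
SAMPLE_SUBNETS = ["10.1.0.0/24", "10.1.1.0/24", "10.2.0.0/24", "192.168.50.0/25"]

# (name suffix, match conditions) pairs taken from the entry layout in the question.
ENTRY_TEMPLATES = [
    ("icmp", "protocol icmp; icmp-type 8;"),
    ("ip", "protocol ip;"),
]


def aggregate(subnets):
    """Collapse adjacent or overlapping prefixes; returns sorted CIDR strings."""
    nets = [ipaddress.ip_network(s, strict=True) for s in subnets]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def render_entry(name, description, source, conditions):
    """One ACL entry in the layout shown in the question."""
    return "\n".join([
        f"entry {name} {{",
        f'    description "{description}"',
        "    if {",
        f"        source-address {source};",
        f"        {conditions}",
        "    } then {",
        "        permit;",
        "    }",
        "}",
    ])


def build_policy(subnets, prefix="site", collapse=True):
    """Return the policy text and its entry count (collapse=False keeps every subnet)."""
    nets = aggregate(subnets) if collapse else [str(ipaddress.ip_network(s)) for s in subnets]
    entries = []
    for idx, net in enumerate(nets, start=1):
        for suffix, conditions in ENTRY_TEMPLATES:
            entries.append(render_entry(f"{prefix}{idx}_{suffix}", net, net, conditions))
    return "\n".join(entries), len(entries)


if __name__ == "__main__":
    text, count = build_policy(SAMPLE_SUBNETS)
    print(text)
    print(f"# {count} entries, {text.count(chr(10)) + 1} lines")
```

Running it with the sample list yields 6 entries instead of 8; with the 40 networks in the question the saving depends entirely on how many of them are contiguous.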