Switches, Hubs, and Modems

Access list not behaving properly

Martin Harrison_1
Frequent Advisor

I have the following line in a short access list that allows web traffic to go to a particular server:

permit tcp 172.16.5.0 0.0.0.255 172.16.1.3 255.255.255.255 eq 80

This access list only contains 2 more lines; they allow traffic to DNS on the same server and Symantec web security on another server (ports 53 and 8002).

The whole list looks like the following:

ip access-list extended "guest"
permit tcp 172.16.5.0 0.0.0.255 172.16.1.9 255.255.255.255 eq 8002
permit udp 172.16.5.0 0.0.0.255 172.16.1.3 255.255.255.255 eq 53
permit tcp 172.16.5.0 0.0.0.255 172.16.1.3 255.255.255.255 eq 80
exit

This list should block everything except for the 3 things that are explicitly allowed. It
The list works except for the fact that it lets everything through port 80. You can access any server through port 80.

This is not right; the list is configured to only allow traffic to the 172.16.1.3 server. There is no wildcard....

Can anyone explain this behavior?
1 REPLY
Martin Harrison_1
Frequent Advisor

Re: Access list not behaving properly

bah, the solution is to use 0.0.0.0 instead of 255.255.255.255...
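The behaviour described in the question and the fix given in the reply both follow from how the mask field in a ProCurve extended ACL is interpreted: it is a wildcard (inverted) mask, where a 0 bit means "this address bit must match" and a 1 bit means "ignore this bit". So 172.16.1.3 255.255.255.255 ignores every bit and matches any destination host, while 172.16.1.3 0.0.0.0 matches only that host. The following Python evaluator is an added example, not code from the thread or from HPE; it models the permit entries as posted and as fixed, with the implicit deny that ends every ACL, and the source/destination addresses it tests against are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Added example: a minimal model of wildcard-mask ACL evaluation.
# Wildcard semantics: a 1 bit in the mask means "don't care",
# a 0 bit means "must match" (the inverse of a subnet mask).


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Return True if addr matches base under the given wildcard mask."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wildcard))
    care_bits = (~w) & 0xFFFFFFFF          # bits that must be equal
    return ((a ^ b) & care_bits) == 0


@dataclass(frozen=True)
class Ace:
    """One access control entry: permit/deny proto src src-wc dst dst-wc eq port."""
    action: str
    proto: str
    src: str
    src_wc: str
    dst: str
    dst_wc: str
    port: int

    def matches(self, proto: str, src: str, dst: str, dport: int) -> bool:
        return (
            self.proto == proto
            and self.port == dport
            and wildcard_match(src, self.src, self.src_wc)
            and wildcard_match(dst, self.dst, self.dst_wc)
        )


def evaluate(acl: list[Ace], proto: str, src: str, dst: str, dport: int) -> str:
    """First-match evaluation; an ACL ends with an implicit deny."""
    for ace in acl:
        if ace.matches(proto, src, dst, dport):
            return ace.action
    return "deny"


# The "guest" list exactly as posted in the question (masks of 255.255.255.255).
GUEST_AS_POSTED = [
    Ace("permit", "tcp", "172.16.5.0", "0.0.0.255", "172.16.1.9", "255.255.255.255", 8002),
    Ace("permit", "udp", "172.16.5.0", "0.0.0.255", "172.16.1.3", "255.255.255.255", 53),
    Ace("permit", "tcp", "172.16.5.0", "0.0.0.255", "172.16.1.3", "255.255.255.255", 80),
]

# The same list with the fix from the reply (host masks of 0.0.0.0).
GUEST_FIXED = [
    Ace("permit", "tcp", "172.16.5.0", "0.0.0.255", "172.16.1.9", "0.0.0.0", 8002),
    Ace("permit", "udp", "172.16.5.0", "0.0.0.255", "172.16.1.3", "0.0.0.0", 53),
    Ace("permit", "tcp", "172.16.5.0", "0.0.0.255", "172.16.1.3", "0.0.0.0", 80),
]


def port80_to_any_host(acl: list[Ace]) -> str:
    """Constructed check: a guest client talking HTTP to an arbitrary server."""
    return evaluate(acl, "tcp", "172.16.5.10", "10.99.0.1", 80)


if __name__ == "__main__":
    print("as posted, HTTP to arbitrary host:", port80_to_any_host(GUEST_AS_POSTED))
    print("fixed,     HTTP to arbitrary host:", port80_to_any_host(GUEST_FIXED))
    print("fixed,     HTTP to 172.16.1.3:   ",
          evaluate(GUEST_FIXED, "tcp", "172.16.5.10", "172.16.1.3", 80))
```

Running it shows the posted list permitting HTTP to an arbitrary host and the fixed list denying it while still permitting the three intended flows. A useful habit when writing these lists is to read every mask back as "which bits am I ignoring": an all-ones mask is equivalent to `any`, and a host entry wants all zeros.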