Access Lists to open a port on multiple IP's 1

[mwidner]

Access Lists -- Is it possible to use a "range" of some sort to open a particular port on a range of IP addresses?

For example we use a product that requires access to port 6129 and I wonder if I have to provide this for EVERY IP address or can I use a range?

Sorry if this sound a bit daft... I only have enough knowledge of Cisco commands to make me dangerous!!

Thanks!

 

[Supergrrover]

If the IP's are contiguous you can use the proper subnet and mask. If not, You can use an object group. Place all the IP's in the group and it's only one line in the ACL.

Brent
Systems Engineer / Consultant
CCNP, CCSP

 

[bannomust]

or you can create a network object-group and add all those ip in that group so it will be easy for you to add and remove the ip address.

Thanks,
Mustafa gangardiwala

Mustafa Gangardiwala
CCIE-Security # 16253, CISA
CISM,CISSP,INFOSEC, MCSE, CNE

http://netseczone.blogspot.com