07-27-2019 03:18 PM - edited 07-27-2019 03:30 PM
Hello,
I have a subnet of 1024 hosts. I have to categorize these hosts as 512+512: the first 512 hosts for a particular area and the other 512 for another area. Moreover, the first 512 hosts can only access a particular network and the second 512 hosts cannot. How can I permit only those 512 hosts using an ACL? Basically, my question is how to permit a range of IPs. My subnet is 10.0.0.0/21. I need to allow the first 512 hosts and deny the latter 512 hosts.
Thanks.
07-27-2019 05:00 PM
It depends on which direction of your network you would like to implement this in.
I suggest reading this document to get familiar with ACLs.
https://www.cisco.com/c/en/us/support/docs/ip/access-lists/26448-ACLsamples.html
07-27-2019 06:21 PM
Hi @mnijhum ,
Just to clarify, if you need to allow only the first 512 hosts, this ACL can help you:
access-list 1 permit 10.0.0.0 0.0.1.255
This ACL will allow the first 512 hosts and all others will be denied, because at the end of every ACL there is an implicit denial.
As a detail to consider:
Your network with mask /21 has 2048 hosts in total, so we can divide it into 4 blocks of 512 each. These would be the 4 imaginary blocks:
1º network = 10.0.0.0 wildcard = 0.0.1.255 (mask /23)
2º network = 10.0.2.0 wildcard = 0.0.1.255 (mask /23)
3º network = 10.0.4.0 wildcard = 0.0.1.255 (mask /23)
4º network = 10.0.6.0 wildcard = 0.0.1.255 (mask /23)
Now, having clarity of these 4 blocks, you can use an ACL to allow or deny anyone, using these parameters (red / wildcard)
Regards
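An added example, not part of the thread: a Python sketch that derives the four /23 blocks and their wildcard masks from 10.0.0.0/21 and emulates how a standard ACL tests a source address, including the implicit deny. The function names and the sample addresses are constructed for illustration; the ACL entry is the one posted above.

```python
import ipaddress

def wildcard_blocks(network, new_prefix):
    """Split a network into equal blocks; return (base, wildcard) pairs."""
    net = ipaddress.ip_network(network)
    return [(str(s.network_address), str(s.hostmask))
            for s in net.subnets(new_prefix=new_prefix)]

def ace_matches(src, base, wildcard):
    """Wildcard bits set to 0 must equal the base; bits set to 1 are ignored."""
    s = int(ipaddress.ip_address(src))
    b = int(ipaddress.ip_address(base))
    care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
    return (s & care) == (b & care)

def evaluate(acl, src):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, base, wildcard in acl:
        if ace_matches(src, base, wildcard):
            return action
    return "deny"

# The four 512-address blocks of the /21 discussed in the thread.
BLOCKS = wildcard_blocks("10.0.0.0/21", 23)

# access-list 1 permit 10.0.0.0 0.0.1.255 (the entry from the answer above)
ACL_1 = [("permit", "10.0.0.0", "0.0.1.255")]

# Constructed sample sources: both edges of the first block, the first
# address of the second block, the top of the /21, and an unrelated network.
SAMPLES = ("10.0.0.1", "10.0.1.255", "10.0.2.0", "10.0.7.254", "192.168.1.1")

def demo():
    return {ip: evaluate(ACL_1, ip) for ip in SAMPLES}

if __name__ == "__main__":
    for base, wc in BLOCKS:
        print(f"network = {base} wildcard = {wc}")
    for ip, verdict in demo().items():
        print(f"{ip:>12} -> {verdict}")
```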
07-27-2019 03:23 PM
Here is the example:
You need to use 10.0.0.0/23 (255.255.254.0) for the first 512-IP range,
and next 10.0.2.0/23 for the other 512, so make the ACL based on the mask.
If you want to be more specific, post your IP range so a better suggestion can be made.
07-27-2019 03:27 PM - edited 07-27-2019 03:29 PM
My subnet is 10.0.0.0/21. I need to allow the first 512 hosts and deny the latter 512 hosts.
07-27-2019 03:32 PM
You need to be more specific. If you are using the same subnet, my example for the subnet works.
What do you want to deny? What would you like to allow? More clarity is needed here.
It would be nice if you could provide an example of what your goal is.
07-27-2019 03:34 PM
07-27-2019 03:36 PM
It would be nice if you could provide an example of what your goal is.
07-27-2019 03:38 PM - edited 07-27-2019 03:45 PM
Here is the problem I am working on.
The Stormlands only allow castles of other kingdoms to access their network. Packets from any other place/network are automatically denied.
In Westeros, there are seven kingdoms as follows along with their population size and other characteristics of each kingdom:
Outside the wall:
Overall Specifications:
07-27-2019 03:42 PM