Solved: Re: Routing

mnijhum · ‎07-27-2019

Hello,

I have a subnet of 1024 hosts. I have to categorize these hosts like 512+512. The first 512 host for a particular area and the other for another area. Moreover, the first 512 host can only access to a particular network and the 2nd 512 host can not. How can I permit only those 512 hosts using ACL? Basically my question is how to permit a range of IP's? My subnet is 10.0.0.0/21. I need to allow the first 512 host and deny latter 512 hosts

Thanks.

balaji.bandi · ‎07-27-2019

Depends on what direction of your nework you like to implement this.

Suggest to read this document ge familiar with ACL.

https://www.cisco.com/c/en/us/support/docs/ip/access-lists/26448-ACLsamples.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

luis_cordova · ‎07-27-2019

Hi @mnijhum ,

Just to clarify, if you need to allow only the first 512 host, this ACL can help you:

access-list 1 permit 10.0.0.0 0.0.1.255

This ACL will allow the first 512 hosts and all others will be denied, because at the end of every ACL there is an implicit denial.

As a detail to consider:

Your network with mask /21 has 2048 host in total, so we can divide it into 4 blocks of 512 each. These would be the 4 imaginary blocks:

1º network = 10.0.0.0 wildcard = 0.0.1.255 (mask /23)

2º network = 10.0.2.0 wildcard = 0.0.1.255 (mask /23)

3º network = 10.0.4.0 wildcard = 0.0.1.255 (mask /23)

4º network = 10.0.6.0 wildcard = 0.0.1.255 (mask /23)

Now, having clarity of these 4 blocks, you can use an ACL to allow or deny anyone, using these parameters (red / wildcard)

Regards

View solution in original post

balaji.bandi · ‎07-27-2019

here is the example :

you need to use 10.0.0.0/23 ( 255.255.254.0) for first 512 IP range

next one 10.0.2.0/23 for other 512, so make ACL based on mask.

if you want to be more specific, post your IP range to suggest better.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

mnijhum · ‎07-27-2019

My subnet is 10.0.0.0/21. I need to allow the first 512 host and deny latter 512 hosts

balaji.bandi · ‎07-27-2019

You need to more specific, if you are using same subnet, my example for subnet works.

what you want to deny ? you like to Allow, need more clarity here.

it would be nice if you can provide example what is your Goal ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

mnijhum · ‎07-27-2019

Yes your example for subnet works. but my question is how to allow the first 512 host of this network? I can not do further subnetting of this network.

balaji.bandi · ‎07-27-2019

it would be nice if you can provide example what is your Goal ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

mnijhum · ‎07-27-2019

Here is the problem I am working on.

The Stormlands only allow castles of other kingdoms to access their network. Packets from any other place/network is automatically denied.

In Westeros, there are seven kingdoms as follows along with their population size and other characteristics of each kingdom:

The North – Population size: 200

The North, being the kingdom on the border, connects to the Internet (Outside the wall). Consequently, all the other kingdoms communicate with the outside world via the North kingdom.
Has enough budget to buy 2 real IPs only.

The Mountain and The Vale – Population size 80

The Vale has a restaurant called ‘A Restaurant has No Name’ and uses 10 of the IPs of the Vale.

The Rock – Population size 1024

The first 512 IPs are given to the people who live in the castle
The latter 512 IPS are given to the people who live outside the castle

The Stormlands – Population size 250
The Reach

Castles under The Reach

Old Oak - Population size: 10
Grassy Vale - Population size: 50

Other villages - Population size: 10

Outside the wall:

Assume that this is the outside network for the seven kingdoms that they use to connect to the internet.
Has a single web server (browseable)

Overall Specifications:

Use Routers and Switches where appropriate.
You may need to apply VLSM more than once
The Stormlands only allow castles of other kingdoms to access their network. Packets from any other place/network is automatically denied.
Install at least 2 PC/Laptop for each individual network.
Have at least one backup route for two cities
Use summarization if needed anywhere
Use at least one network with static routing, and for others use RIPv2.
You may use at max two PCs to represent all the hosts of a network (no need to put in 32 PCs if it says there are 32 people in the area.

mnijhum · ‎07-27-2019

Now, how can I allow The Rock's first 512 hosts to access stormland?

balaji.bandi · ‎07-27-2019

Depends on what direction of your nework you like to implement this.

Suggest to read this document ge familiar with ACL.

https://www.cisco.com/c/en/us/support/docs/ip/access-lists/26448-ACLsamples.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

luis_cordova · ‎07-27-2019

Hi @mnijhum ,

Just to clarify, if you need to allow only the first 512 host, this ACL can help you:

access-list 1 permit 10.0.0.0 0.0.1.255

This ACL will allow the first 512 hosts and all others will be denied, because at the end of every ACL there is an implicit denial.

As a detail to consider:

Your network with mask /21 has 2048 host in total, so we can divide it into 4 blocks of 512 each. These would be the 4 imaginary blocks:

1º network = 10.0.0.0 wildcard = 0.0.1.255 (mask /23)

2º network = 10.0.2.0 wildcard = 0.0.1.255 (mask /23)

3º network = 10.0.4.0 wildcard = 0.0.1.255 (mask /23)

4º network = 10.0.6.0 wildcard = 0.0.1.255 (mask /23)

Now, having clarity of these 4 blocks, you can use an ACL to allow or deny anyone, using these parameters (red / wildcard)

Regards