how to block only the first IP of each subnet using acl /wildcard mask

moisesebastien1 · ‎06-02-2016

How can we block only the first IP of each subnet?

I like to avoid coming up with gigantic long ACLs to individually put in explicit deny for each host.

Milos Megis · ‎06-02-2016

Hi, let say that you will have subnets:
192.168.0.0/24
192.168.1.0/24
192.168.2.0/24
192.168.3.0/24
...
192.168.255.0/24

and you want to block only this source IP address in each subnet: 192.168.x.1

standard ACL:
deny 192.168.0.1 0.0.255.0
permit any

extended ACL:
deny ip 192.168.0.1 0.0.255.0 any
permit ip any any