Beginner

Access-list with Negate.. how can be done!

Hi Guys,

 

I need to match the source traffic from 10.100.100.* to a destination other than 10.0.0.0/8.

Which wildcard mask do I need to apply that will only check other than 10.*.*.*.* (the first octet has to be 10)

 

ip access-list extended ACL permit ip 10.100.100.0 0.0.0.255 10.0.0.0 x.x.x.x.

 

Please help ??


 

 

VIP Advisor

Re: Access-list with Negate.. how can be done!

Hello

ip access-list extended ACL permit/deny

ip access-list extended ACL permit ip 10.100.100.0 0.0.0.255 10.0.0.0 0.255.255.255  -  10.0.0.0/8
ip access-list extended ACL permit ip 10.100.100.0 0.0.0.255 10.0.0.0 0.0.255.255    -  10.0.0.0/16
ip access-list extended ACL permit ip 10.100.100.0 0.0.0.255 10.0.0.0 0.0.0.255      -  10.0.0.0/24
ip access-list extended ACL permit ip 10.100.100.0 0.0.0.255 10.0.0.0 0.0.1.255      -  10.0.0.0/23    255-254 = 1
ip access-list extended ACL permit ip 10.100.100.0 0.0.0.255 10.0.0.0 0.0.3.255      -  10.0.0.0/22    255-252 = 3
ip access-list extended ACL permit ip 10.100.100.0 0.0.0.255 10.0.0.0 0.0.7.255      -  10.0.0.0/21    255-248 = 7
ip access-list extended ACL permit ip 10.100.100.0 0.0.0.255 10.0.0.0 0.0.15.255     -  10.0.0.0/20    255-240 = 15
ip access-list extended ACL permit ip 10.100.100.0 0.0.0.255 10.0.0.0 0.0.31.255     -  10.0.0.0/19    255-224 = 31
ip access-list extended ACL permit ip 10.100.100.0 0.0.0.255 10.0.0.0 0.0.63.255     -  10.0.0.0/18    255-192 = 63
ip access-list extended ACL permit ip 10.100.100.0 0.0.0.255 10.0.0.0 0.0.127.255    -  10.0.0.0/17    255-128 = 127
etc..



kind regards
Paul

Please rate and mark posts accordingly if you have found any of the information provided useful.
It will hopefully assist others with similar issues in the future
VIP Advisor

Re: Access-list with Negate.. how can be done!

Hi there,

If you are using the ACL for pattern matching, then why not use a deny to not match (negate) traffic destined to 10.0.0.0/8 then match everything else:

ip access-list extended ACL
 deny ip 10.100.100.0 0.0.0.255 10.0.0.0 0.255.255.255
 permit ip 10.100.100.0 0.0.0.255 any

cheers,

Seb.
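
Added example, not part of either reply and not Cisco code: a small Python model of first-match ACL evaluation with wildcard masks. It checks the deny-then-permit pair above against constructed sample flows and derives the wildcard masks listed in the first reply from their prefix lengths. The function names and sample addresses are assumptions made for this illustration.

```python
import ipaddress

def ip_int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(addr, base, wildcard):
    """Wildcard semantics: 0 bits must equal the base, 1 bits are ignored."""
    care = ~ip_int(wildcard) & 0xFFFFFFFF
    return (ip_int(addr) & care) == (ip_int(base) & care)

# The two entries from the reply above, in order:
# (action, source, source wildcard, destination, destination wildcard)
ACL = [
    ("deny",   "10.100.100.0", "0.0.0.255", "10.0.0.0", "0.255.255.255"),
    ("permit", "10.100.100.0", "0.0.0.255", "0.0.0.0",  "255.255.255.255"),  # "any"
]

def evaluate(acl, src, dst):
    """Return the action of the first matching entry; implicit deny otherwise."""
    for action, s_base, s_wc, d_base, d_wc in acl:
        if wildcard_match(src, s_base, s_wc) and wildcard_match(dst, d_base, d_wc):
            return action
    return "implicit deny"

def prefix_to_wildcard(prefix_len):
    """A wildcard mask is the inverted netmask, e.g. /23 -> 0.0.1.255."""
    host_bits = (1 << (32 - prefix_len)) - 1
    return str(ipaddress.IPv4Address(host_bits))

# Constructed sample flows (not from the thread)
SAMPLES = [
    ("10.100.100.7", "10.20.30.40"),  # destination inside 10.0.0.0/8
    ("10.100.100.7", "192.0.2.10"),   # destination outside 10.0.0.0/8
    ("10.100.101.7", "192.0.2.10"),   # source outside 10.100.100.0/24
]

if __name__ == "__main__":
    for src, dst in SAMPLES:
        print(f"{src} -> {dst}: {evaluate(ACL, src, dst)}")
    for plen in (8, 16, 23, 17):
        print(f"/{plen} -> {prefix_to_wildcard(plen)}")
```

Entry order carries the negation: with the two entries reversed, the permit matches first and traffic to 10.0.0.0/8 is no longer excluded.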
