Access-list

Kesar123456
Level 1

I have to use just two access statements to allow the following range of networks.

192.10.*.0

* denotes network from 1 to 8.

6 Replies

Jon Marshall
Hall of Fame

Hi

Assuming IOS

access-list 1 permit 192.10.0.0 0.0.7.255

access-list 1 permit 192.10.8.0 0.0.0.255

HTH

Jon

Thanks for replying, but I have the range just from 1-8.

You have included 0-7 and 8.

With standard (contiguous) mask, it requires 4 statements:

access-list 1 permit 192.10.1.0 0.0.0.255

access-list 1 permit 192.10.2.0 0.0.1.255

access-list 1 permit 192.10.4.0 0.0.3.255

access-list 1 permit 192.10.8.0 0.0.1.255

That can be reduced to three with a non-contiguous mask:

access-list 1 permit 192.10.1.0 0.0.5.255

access-list 1 permit 192.10.2.0 0.0.1.255

access-list 1 permit 192.10.4.0 0.0.3.255

Not sure about two statements, as the above is weird enough already.

Another way to go with three numbers is..

access-list 1 deny 192.168.0.0 0.0.0.0

access-list 1 permit 192.168.0.0 0.0.7.255

access-list 1 permit 192.168.8.0 0.0.0.0

(just an edit to Jon's ACL ;) )

I don't think you can get that done in two numbers..

arun :)

Arun, the commands you suggested won't work, because:

1. He doesn't want 192.168.0.x to be allowed.

2. The last octet in the mask must be 255, else no IP with a last byte different from 0 will pass.

Then what about:

access-list 1 deny 192.168.0.0 0.0.0.255

access-list 1 permit 192.168.0.0 0.0.7.255

access-list 1 permit 192.168.8.0 0.0.0.255

I still think that the original post that wants this done with only 2 ACL statements is not possible.

HTH

Rick
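
A way to check any of the proposals in this thread without a router, as an added example that is not from any of the posters: the Python below applies IOS standard-ACL matching (wildcard 1-bits ignored, first match wins, implicit deny at the end) to every host under each third octet and counts how many are permitted. The function names and the ACL labels are this example's own; the ACL text is copied from the replies above.

```python
import ipaddress

def parse_acl(text):
    """Parse 'access-list N permit|deny ADDR WILDCARD' lines into tuples."""
    rules = []
    for line in text.strip().splitlines():
        _, _, action, addr, wildcard = line.split()
        rules.append((action == "permit", int(ipaddress.IPv4Address(addr)),
                      int(ipaddress.IPv4Address(wildcard))))
    return rules

def permits(rules, ip):
    """First matching entry decides; no match means the implicit deny."""
    for permit, addr, wildcard in rules:
        care = ~wildcard & 0xFFFFFFFF  # wildcard 1-bits are "don't care"
        if (ip & care) == (addr & care):
            return permit
    return False

def coverage(acl_text, prefix):
    """Map third octet -> count of permitted hosts (1-256) under prefix.X.0/24."""
    rules = parse_acl(acl_text)
    base = int(ipaddress.IPv4Address(prefix + ".0.0"))
    result = {}
    for third in range(256):
        hits = sum(permits(rules, base | (third << 8) | host) for host in range(256))
        if hits:
            result[third] = hits
    return result

# The five ACLs posted in the thread, copied verbatim, with their prefixes.
THREAD_ACLS = {
    "two permits": ("192.10", """access-list 1 permit 192.10.0.0 0.0.7.255
access-list 1 permit 192.10.8.0 0.0.0.255"""),
    "four contiguous": ("192.10", """access-list 1 permit 192.10.1.0 0.0.0.255
access-list 1 permit 192.10.2.0 0.0.1.255
access-list 1 permit 192.10.4.0 0.0.3.255
access-list 1 permit 192.10.8.0 0.0.1.255"""),
    "three non-contiguous": ("192.10", """access-list 1 permit 192.10.1.0 0.0.5.255
access-list 1 permit 192.10.2.0 0.0.1.255
access-list 1 permit 192.10.4.0 0.0.3.255"""),
    "deny host first": ("192.168", """access-list 1 deny 192.168.0.0 0.0.0.0
access-list 1 permit 192.168.0.0 0.0.7.255
access-list 1 permit 192.168.8.0 0.0.0.0"""),
    "deny subnet first": ("192.168", """access-list 1 deny 192.168.0.0 0.0.0.255
access-list 1 permit 192.168.0.0 0.0.7.255
access-list 1 permit 192.168.8.0 0.0.0.255"""),
}
if __name__ == "__main__":
    for name, (prefix, acl) in THREAD_ACLS.items():
        print(f"{name}: {coverage(acl, prefix)}")
```

A subnet is fully allowed only when its count is 256; the target in the original question is third octets 1 through 8, each at 256, and nothing else.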
