01-30-2007 06:18 AM - edited 03-03-2019 03:33 PM
Hi
access-list 107 deny ip 172.18.44.0 0.0.0.255 172.18.16.0 0.0.1.255
access-list 107 permit ip 172.18.44.0 0.0.0.255 172.20.96.0 0.0.3.255
I see this access list on a router. Which networks and how many networks does 172.18.44.0 have access to?
01-30-2007 06:27 AM
Your acl can be shortened to one line:
access-list 107 permit ip 172.18.44.0 0.0.0.255 172.20.96.0 0.0.3.255
This will allow access to the IP address range from 172.20.96.0 to 172.20.99.255
All else is implicitly denied and hence the first line has no use.
Regards,
Leo
01-30-2007 06:47 AM
ok .... so if I need to allow access from 172.18.44.0 to 172.20.160.192-255 would the access list look something like this
access-list 107 permit ip 172.18.44.0 0.0.0.255 172.20.96.192 255.255.255.192
??
I could never get the gist of subnetting.
01-30-2007 07:00 AM
Hi,
ACLs use INVERSE masks. So the correct statement would be:
access-list 107 permit ip 172.18.44.0 0.0.0.255 172.20.96.192 0.0.0.63
Regards, Martin
01-30-2007 10:31 AM
I need to allow access to hosts on 172.20.164.192-255
Would the access list look something like this:
access-list 107 permit ip 172.18.44.0 0.0.0.255 172.20.164.192 0.0.0.63
01-30-2007 11:57 PM
Perfect!
This would be the correct ACL line to achieve your goal. Just make sure the ACL is applied in the right direction (in or out) keeping in mind that the first part describes source IPs and the second part describes destination IPs in the IP packets.
Regards, Martin
01-30-2007 06:29 AM
Here is the host range address that has access to 172.18.44.0 as per the ACL above.
172.20.96.1 - 172.20.99.254 and it can have a maximum of 64 networks.
Please use the IP subnet calculator to calculate the same.
http://www.subnet-calculator.com/subnet.php?net_class=B
HTH,
-amit singh
01-30-2007 06:33 AM
Hello,
Every ACL has an implicit deny any any invisible as last statement. So if this is the full ACL then 172.18.44.0/24 can access any destination IP from 172.20.96.0 to 172.20.99.255 inclusive.
Be aware, that ACLs are used for different purposes (like for NAT). So depending on how it is used, connectivity might be restricted to the addresses above or not restricted at all.
To judge the real impact we would need a configuration excerpt with all references to this ACL.
[edit]: the number of networks and which networks can not be concluded from the ACL. This will depend on your IP environment and which subnetting is in use. This way you could have access to one network 172.20.96.0/22 or to 4 networks 172.20.96.0/24, 172.20.97.0/24, 172.20.98.0/24, 172.20.99.0/24 or to 255 networks with mask /30 or combinations thereof.
Regards, Martin
01-30-2007 06:33 AM
hi,
these networks...
172.20.96.0
172.20.97.0
172.20.98.0
172.20.99.0
How..
96=00000110 in binary
now the wildcard bits are 3, meaning the first and second bits should be ignored..
so possibilities..
00 000110=96
10 000110=97
01 000110=98
11 000110=99
hope this will help.
rgrds,
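An added worked example (written for this page, not code from any poster) that turns the wildcard-mask arithmetic and the implicit "deny any any" discussed in the thread into something you can run: it computes the address range and CIDR equivalent of an address/wildcard pair, lists the subnets that fit inside it, and evaluates ACL 107 against sample source/destination pairs. The ACL text is a constructed copy of the two lines at the top of the thread, and the parser assumes only the extended "access-list N action ip SRC SWC DST DWC" form shown there.

```python
import ipaddress

# Constructed copy of the two ACL lines quoted at the top of the thread.
ACL_107 = """
access-list 107 deny ip 172.18.44.0 0.0.0.255 172.18.16.0 0.0.1.255
access-list 107 permit ip 172.18.44.0 0.0.0.255 172.20.96.0 0.0.3.255
"""

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def wildcard_range(network, wildcard):
    """First and last address covered by an address/wildcard pair.
    In a wildcard mask a 1 bit means 'ignore this bit' (inverse of a subnet mask)."""
    net, wc = _ip(network), _ip(wildcard)
    first = net & ~wc & 0xFFFFFFFF
    last = net | wc
    return str(ipaddress.IPv4Address(first)), str(ipaddress.IPv4Address(last))

def wildcard_to_cidr(network, wildcard):
    """Equivalent CIDR prefix for a contiguous wildcard (0.0.3.255 -> /22)."""
    wc = _ip(wildcard)
    if wc & (wc + 1):
        raise ValueError("non-contiguous wildcard has no single CIDR equivalent")
    first, _ = wildcard_range(network, wildcard)
    return f"{first}/{32 - wc.bit_length()}"

def subnets_within(network, wildcard, new_prefix):
    """Networks of size /new_prefix inside the matched range; how many
    networks 'really' exist depends on the addressing plan, not on the ACL."""
    block = ipaddress.ip_network(wildcard_to_cidr(network, wildcard))
    return [str(n) for n in block.subnets(new_prefix=new_prefix)]

def _matches(addr, network, wildcard):
    wc = _ip(wildcard)
    return (_ip(addr) & ~wc) == (_ip(network) & ~wc)

def parse_acl(text):
    """Parse 'access-list N action ip SRC SWC DST DWC' lines (assumption: only
    this extended form with explicit wildcards is handled)."""
    entries = []
    for line in text.strip().splitlines():
        _, _, action, _proto, src, swc, dst, dwc = line.split()
        entries.append((action, src, swc, dst, dwc))
    return entries

def evaluate(entries, src, dst):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, s_net, s_wc, d_net, d_wc in entries:
        if _matches(src, s_net, s_wc) and _matches(dst, d_net, d_wc):
            return action
    return "deny"
```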