ACL Specific IP range

jk865
Level 1

Hi 

 

I want to create an ACL for a specific subnet, the third subnet of 192.168.1.0/28, the usable addresses 192.168.1.33 - 192.168.1.46. Do I need to create a new line on the ACL for each address? I can't see a way of creating a range. Hopefully that makes sense.

 

Also, is it best practice to include the network address and broadcast address when creating ACLs if I'm asked to deny traffic from the entire subnet?

 

Thanks 

1 Accepted Solution


Hello,

 

not really sure what you are after, but:

 

access-list 1 deny 192.168.1.32 0.0.0.15

 

This denies hosts 192.168.1.33 - 192.168.1.46, as well as the network and the broadcast address.

 

Unless you want to specifically permit or deny only certain host addresses, it is good practice to permit or deny the entire subnet (including network/broadcast address).
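
An added example, not part of the original thread: a Python sketch of how a wildcard mask matches addresses and how an arbitrary range breaks down into ACL lines. It shows that the whole subnet 192.168.1.32 - 192.168.1.47 fits in the single line from the answer, while the usable hosts alone (.33 - .46) need six lines. The function names are hypothetical; only the standard `ipaddress` module is used.

```python
import ipaddress

def acl_lines_for_range(first, last, acl_id=1, action="deny"):
    """Cover first..last (inclusive) with the fewest aligned blocks.

    Each block becomes one standard ACL line: 'address wildcard'.
    The wildcard is the inverse of the subnet mask (the hostmask).
    """
    blocks = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    )
    return [
        f"access-list {acl_id} {action} {b.network_address} {b.hostmask}"
        for b in blocks
    ]

def entry_matches(address, wildcard, candidate):
    """Wildcard matching: 0 bits must be equal, 1 bits are ignored."""
    a = int(ipaddress.IPv4Address(address))
    w = int(ipaddress.IPv4Address(wildcard))
    c = int(ipaddress.IPv4Address(candidate))
    care = ~w & 0xFFFFFFFF  # bits that have to match
    return (a & care) == (c & care)

def matched_last_octets(address, wildcard, prefix="192.168.1."):
    """Last octets in 192.168.1.0/24 that the entry matches."""
    return [n for n in range(256)
            if entry_matches(address, wildcard, f"{prefix}{n}")]

if __name__ == "__main__":
    # Whole subnet, network and broadcast included: one line.
    for line in acl_lines_for_range("192.168.1.32", "192.168.1.47"):
        print(line)
    # Usable hosts only: the range is not bit-aligned, so it splits.
    for line in acl_lines_for_range("192.168.1.33", "192.168.1.46"):
        print(line)
    hits = matched_last_octets("192.168.1.32", "0.0.0.15")
    print(f"192.168.1.32 0.0.0.15 matches .{hits[0]} - .{hits[-1]}")
```

A wildcard of 0.0.0.0 in the output is a single-host match, so the six-line form is one line per aligned block, not one line per address.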


2 Replies

Mark Elsen
Hall of Fame

 

Review this document:

https://www.cisco.com/c/en/us/support/docs/security/ios-firewall/23602-confaccesslists.html

 M.



-- Let everything happen to you  
       Beauty and terror
      Just keep going    
       No feeling is final
Reiner Maria Rilke (1899)
