Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2589
Views
0
Helpful
4
Replies

access list in L3 switch

Go to solution
muraripadhan
Level 1
Level 1

‎09-14-2017 10:49 AM - edited ‎03-08-2019 12:02 PM

how i will deney/access specific ip range in my network?

for example

172.16.0.0/16 is using in my network but my requrement is i have to allow only 172.16.0.0 to 172.16.2.0/16 and other ip should not work in my network.

 

Then how i will configure in cisco L3 switch.

1 person had this problem
Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Operations Abe Books
Level 1
Level 1

‎09-14-2017 04:03 PM

This ACL should work for you.

ip access-list extended Test
 permit ip 172.16.0.0 0.0.253.255 any( This will match 172.16.0.0/24 and 172.16.1.0/24)
 permit ip 172.16.2.0 0.0.0.255 any

View solution in original post

0 Helpful

Go to solution
Georg Pauwen
VIP
VIP

‎09-15-2017 12:27 AM

Hello,

not sure if your original post is really what you want:

172.16.0.0/16

172.16.1.0/16

172.16.2.0/16

With the /16 mask, you cannot block 172.16.0.0, because that is the subnet ID. 172.16.1.0 and 172.16.2.0 would just be hosts in the subnet, to to allow just those two hosts, your access list would need to look like this:

access-list 1 permit host 172.16.1.0

access-list 1 permit host 172.16.2.0

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Operations Abe Books
Level 1
Level 1

‎09-14-2017 04:03 PM

This ACL should work for you.

ip access-list extended Test
 permit ip 172.16.0.0 0.0.253.255 any( This will match 172.16.0.0/24 and 172.16.1.0/24)
 permit ip 172.16.2.0 0.0.0.255 any
0 Helpful

Go to solution
Georg Pauwen
VIP
VIP

‎09-15-2017 12:27 AM

Hello,

not sure if your original post is really what you want:

172.16.0.0/16

172.16.1.0/16

172.16.2.0/16

With the /16 mask, you cannot block 172.16.0.0, because that is the subnet ID. 172.16.1.0 and 172.16.2.0 would just be hosts in the subnet, to to allow just those two hosts, your access list would need to look like this:

access-list 1 permit host 172.16.1.0

access-list 1 permit host 172.16.2.0

0 Helpful

Go to solution
muraripadhan
Level 1
Level 1
In response to Georg Pauwen

‎09-15-2017 09:31 PM

Thanks for giving me the solution but sir my requirement is i have to allow only specific range of ip in my network and rest of ip will not work in my network.
Means
Only 172.16.0.0-172.16.2.0/ 16 this range of ip will work in my network rest ip are not work in my network.
Then how i will configure in cisco core switch
0 Helpful

Go to solution
Miguel TelNet sv
Level 1
Level 1

‎01-10-2018 09:55 AM

Buen día tengo este requerimiento de switch de 24 10/100/1000 MBPS, PUERTOS GIGABITS SFP MANEJO DE CAPA L3, MEMORIA FLASH 2GB ,RAM 4GB, CAPACIDAD DE CONMUTACION 68 GBPS,PROTOCOLO DE RUTEO :RIP-1,RIP-2,EIGRP,RIPPNG,CAPACIDAD DE CONMUTACION 68GBPS,INCLUYE 2 SFPS DE 10 GIGA QUE MODELO PUEDO USAR QUE ME CUMPLA CON EL REQUERIMIENTO
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card