12-10-2007 07:03 PM - edited 03-03-2019 07:52 PM
Dear All,
I am a bit confused about this kind of ACL configuration. Let's say I want to prevent traffic from hosts 10.10.10.60 ~ 10.10.10.80 from passing through a serial interface. What wildcard mask can I use?
Thank you.
12-10-2007 07:08 PM
Hi
Well you can't cover this off with one mask but you could do
host 10.10.10.60
host 10.10.10.61
host 10.10.10.62
host 10.10.10.63
10.10.10.64 0.0.0.15
host 10.10.10.80
The 10.10.10.64 entry has a wildcard mask of 0.0.0.15 which covers the hosts 10.10.10.64 -> 10.10.10.79
Jon
12-10-2007 07:13 PM
You will need the following entries
! Deny from 10.10.10.60-63
access-list 101 deny ip 10.10.10.60 0.0.0.3 any
! Deny from 10.10.10.64-71
access-list 101 deny ip 10.10.10.64 0.0.0.7 any
! Deny from 10.10.10.72-79
access-list 101 deny ip 10.10.10.72 0.0.0.7 any
! Deny 10.10.10.80
access-list 101 deny ip host 10.10.10.80 any
! Permit rest of the traffic
access-list 101 permit ip any any
interface sx/x
ip access-group 101 out
12-10-2007 08:35 PM
Hi, [Do Rate ALL HELPFUL HOSTS]
You will need to implement as recommended by Edison.
10.10.10.60 0.0.0.3
Means =
First Adr: 10.10.10.60
Last Adr: 10.10.10.63
This way you need to split the overall subnet and write deny rules, then permit the other IP addresses, because without any permit statements for other IP ranges the implicit deny will come into action.
Do Rate ALL HELPFUL HOSTS
Best Regards,
Guru Prasad R
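Added example, not from any of the posts above: a Python sketch that splits an inclusive address range into aligned blocks, emits one extended ACL line per block, and then checks bit by bit that exactly the intended hosts match. ACL number 101 and the 10.10.10.60 to 10.10.10.80 range come from the thread; the function names are hypothetical. For this range it produces three deny entries (0.0.0.3, 0.0.0.15 and one host entry).

```python
import ipaddress

def range_to_acl(first, last, acl_id=101, action="deny"):
    """Return extended-ACL lines whose sources cover exactly first..last."""
    lo, hi = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    lines = []
    # summarize_address_range yields the minimal set of aligned CIDR blocks
    for net in ipaddress.summarize_address_range(lo, hi):
        if net.prefixlen == 32:
            src = f"host {net.network_address}"
        else:
            # hostmask is the inverted netmask, i.e. the IOS wildcard mask
            src = f"{net.network_address} {net.hostmask}"
        lines.append(f"access-list {acl_id} {action} ip {src} any")
    return lines

def wildcard_matches(base, wildcard, addr):
    """IOS-style match: bits set in the wildcard are 'don't care' bits."""
    b, w, a = (int(ipaddress.IPv4Address(x)) for x in (base, wildcard, addr))
    return (a | w) == (b | w)

def denied_by(lines, addr):
    """True if addr matches the source field of any generated line."""
    for line in lines:
        fields = line.split()[4:-1]      # tokens between 'ip' and 'any'
        if fields[0] == "host":
            base, wc = fields[1], "0.0.0.0"
        else:
            base, wc = fields
        if wildcard_matches(base, wc, addr):
            return True
    return False

def check_exact(lines, first, last, subnet):
    """Every address in subnet must match if and only if it is in range."""
    lo, hi = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    return all(denied_by(lines, str(a)) == (lo <= a <= hi)
               for a in ipaddress.ip_network(subnet))

if __name__ == "__main__":
    acl = range_to_acl("10.10.10.60", "10.10.10.80")
    assert check_exact(acl, "10.10.10.60", "10.10.10.80", "10.10.10.0/24")
    # The explicit permit keeps the implicit deny from dropping other traffic
    print("\n".join(acl + ["access-list 101 permit ip any any"]))
```

Running the same check against a hand-written mask shows immediately whether it over-blocks neighbouring hosts or leaves part of the range uncovered.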