Access-list

Kesar123456
Level 1

I have to use just two access statements to allow the following range of networks.

192.10.*.0

* denotes network from 1 to 8.


Jon Marshall
Hall of Fame

Hi

Assuming IOS

access-list 1 permit 192.10.0.0 0.0.7.255

access-list 1 permit 192.10.8.0 0.0.0.255

HTH

Jon

Thanks for replying, but I have the range just from 1-8.

You have included 0-7 and 8.

With standard (contiguous) mask, it requires 4 statements:

access-list 1 permit 192.10.1.0 0.0.0.255

access-list 1 permit 192.10.2.0 0.0.1.255

access-list 1 permit 192.10.4.0 0.0.3.255

access-list 1 permit 192.10.8.0 0.0.1.255

That can be reduced to three with a non-contiguous mask:

access-list 1 permit 192.10.1.0 0.0.5.255

access-list 1 permit 192.10.2.0 0.0.1.255

access-list 1 permit 192.10.4.0 0.0.3.255

Not sure about two statements, as the above is weird enough already.

Another way to go with three numbers is..

access-list 1 deny 192.168.0.0 0.0.0.0

access-list 1 permit 192.168.0.0 0.0.7.255

access-list 1 permit 192.168.8.0 0.0.0.0

(just an edit to Jon's ACL ;) )

I don't think you can get that done in two numbers..

arun :)

Arun, the commands you suggested won't work, because:

1. He doesn't want 192.168.0.x to be allowed.

2. The last octet in the mask must be 255, else no IP with a last byte different than 0 will pass.

Then what about:

access-list 1 deny 192.168.0.0 0.0.0.255

access-list 1 permit 192.168.0.0 0.0.7.255

access-list 1 permit 192.168.8.0 0.0.0.255

I still think that the original post that wants this done with only 2 ACL statements is not possible.

HTH

Rick
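Added example, not part of any post in this thread: a short Python check of which /24 networks (by third octet) each ACL posted above permits, using first-match evaluation and the wildcard rule that a 1 bit means "don't care". The ACL text is copied from the posts; the function and variable names are hypothetical.

```python
import ipaddress

def parse_acl(text):
    """Parse 'access-list N permit|deny ADDR WILDCARD' lines into (permit, addr, wildcard)."""
    rules = []
    for line in text.strip().splitlines():
        _, _, action, addr, wild = line.split()
        rules.append((action == "permit", int(ipaddress.IPv4Address(addr)),
                      int(ipaddress.IPv4Address(wild))))
    return rules

def is_permitted(rules, ip):
    """First match wins; no match falls through to the ACL's implicit deny."""
    for permit, addr, wild in rules:
        care = ~wild & 0xFFFFFFFF  # wildcard bit 1 = don't care, 0 = must match
        if (ip & care) == (addr & care):
            return permit
    return False

def permitted_networks(acl_text, prefix):
    """Third-octet values n for which every address in prefix.n.0/24 is permitted."""
    rules = parse_acl(acl_text)
    base = int(ipaddress.IPv4Address(prefix + ".0.0"))
    return [n for n in range(256)
            if all(is_permitted(rules, base | (n << 8) | h) for h in range(256))]

# ACLs copied verbatim from the posts above.
TWO_STATEMENT = """access-list 1 permit 192.10.0.0 0.0.7.255
access-list 1 permit 192.10.8.0 0.0.0.255"""
FOUR_STATEMENT = """access-list 1 permit 192.10.1.0 0.0.0.255
access-list 1 permit 192.10.2.0 0.0.1.255
access-list 1 permit 192.10.4.0 0.0.3.255
access-list 1 permit 192.10.8.0 0.0.1.255"""
NON_CONTIGUOUS = """access-list 1 permit 192.10.1.0 0.0.5.255
access-list 1 permit 192.10.2.0 0.0.1.255
access-list 1 permit 192.10.4.0 0.0.3.255"""
DENY_FIRST = """access-list 1 deny 192.168.0.0 0.0.0.255
access-list 1 permit 192.168.0.0 0.0.7.255
access-list 1 permit 192.168.8.0 0.0.0.255"""

if __name__ == "__main__":
    for name, prefix, acl in [("two-statement", "192.10", TWO_STATEMENT),
                              ("four-statement", "192.10", FOUR_STATEMENT),
                              ("non-contiguous", "192.10", NON_CONTIGUOUS),
                              ("deny-first", "192.168", DENY_FIRST)]:
        print(name, permitted_networks(acl, prefix))
```

Running a candidate ACL through a check like this before applying it shows any network it permits outside the intended 1 to 8 range, or any intended network it misses.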
