01-21-2008 04:43 AM - edited 03-03-2019 08:20 PM
I have to use just two access statements to allow the following range of networks.
192.10.*.0
* denotes network from 1 to 8.
01-21-2008 04:54 AM
Hi
Assuming IOS
access-list 1 permit 192.10.0.0 0.0.7.255
access-list 1 permit 192.10.8.0 0.0.0.255
HTH
Jon
01-21-2008 05:01 AM
Thanks for replying, but I have the range just from 1-8.
You have included 0-7 and 8.
01-21-2008 05:19 AM
With standard (contiguous) mask, it requires 4 statements:
access-list 1 permit 192.10.1.0 0.0.0.255
access-list 1 permit 192.10.2.0 0.0.1.255
access-list 1 permit 192.10.4.0 0.0.3.255
access-list 1 permit 192.10.8.0 0.0.1.255
That can be reduced to three with a non-contiguous mask:
access-list 1 permit 192.10.1.0 0.0.5.255
access-list 1 permit 192.10.2.0 0.0.1.255
access-list 1 permit 192.10.4.0 0.0.3.255
Not sure about two statements, as the above is weird enough already.
01-21-2008 05:23 AM
Another way to go with three numbers is..
access-list 1 deny 192.168.0.0 0.0.0.0
access-list 1 permit 192.168.0.0 0.0.7.255
access-list 1 permit 192.168.8.0 0.0.0.0
(just an edit to Jon's ACL ;) )
I don't think you can get that done in two numbers..
arun :)
01-21-2008 06:13 AM
Arun, the commands you suggested won't work, because:
1. He doesn't want 192.168.0.x to be allowed.
2. The last octet in the mask must be 255, else no IP with a last byte different than 0 will pass.
01-21-2008 09:51 AM
Then what about:
access-list 1 deny 192.168.0.0 0.0.0.255
access-list 1 permit 192.168.0.0 0.0.7.255
access-list 1 permit 192.168.8.0 0.0.0.255
I still think that the original post that wants this done with only 2 ACL statements is not possible.
HTH
Rick
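A way to check candidate statements like the ones in this thread before applying them, as an added example that is not part of any poster's reply: a small evaluator for standard IOS ACLs (first match wins, a set wildcard bit means "don't care", implicit deny at the end). The function names are hypothetical, and the three sample ACLs are copied from the replies above.

```python
import ipaddress

def parse_acl(text):
    """Parse 'access-list N permit|deny ADDR WILDCARD' lines into rule tuples."""
    rules = []
    for line in text.strip().splitlines():
        _, _, action, addr, wildcard = line.split()
        rules.append((action,
                      int(ipaddress.IPv4Address(addr)),
                      int(ipaddress.IPv4Address(wildcard))))
    return rules

def evaluate(rules, source):
    """Return 'permit' or 'deny' for one source address."""
    src = int(ipaddress.IPv4Address(source))
    for action, addr, wildcard in rules:
        care = ~wildcard & 0xFFFFFFFF      # bits that must match exactly
        if (src & care) == (addr & care):
            return action                  # first matching statement wins
    return "deny"                          # implicit deny at the end of the list

def permitted_third_octets(rules, prefix, host=1):
    """Third-octet values X for which the host prefix.X.host is permitted."""
    return [x for x in range(256)
            if evaluate(rules, f"{prefix}.{x}.{host}") == "permit"]

# ACLs as posted in the thread
JON = """
access-list 1 permit 192.10.0.0 0.0.7.255
access-list 1 permit 192.10.8.0 0.0.0.255
"""
ARUN = """
access-list 1 deny 192.168.0.0 0.0.0.0
access-list 1 permit 192.168.0.0 0.0.7.255
access-list 1 permit 192.168.8.0 0.0.0.0
"""
RICK = """
access-list 1 deny 192.168.0.0 0.0.0.255
access-list 1 permit 192.168.0.0 0.0.7.255
access-list 1 permit 192.168.8.0 0.0.0.255
"""

if __name__ == "__main__":
    for name, acl, prefix in (("Jon", JON, "192.10"),
                              ("Arun", ARUN, "192.168"),
                              ("Rick", RICK, "192.168")):
        print(name, permitted_third_octets(parse_acl(acl), prefix))
```

Running a check like this over every third-octet value, and over more than one host value, catches both an extra network (the .0 network) and a host-only wildcard in the last octet.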