01-21-2008 04:43 AM - edited 03-03-2019 08:20 PM
I have to use just two access statements to allow the following range of networks.
192.10.*.0
* denotes network from 1 to 8.
01-21-2008 04:54 AM
Hi
Assuming IOS
access-list 1 permit 192.10.0.0 0.0.7.255
access-list 1 permit 192.10.8.0 0.0.0.255
HTH
Jon
01-21-2008 05:01 AM
Thanks for replying, but I have the range just from 1-8.
You have included 0-7 and 8.
01-21-2008 05:19 AM
With standard (contiguous) mask, it requires 4 statements:
access-list 1 permit 192.10.1.0 0.0.0.255
access-list 1 permit 192.10.2.0 0.0.1.255
access-list 1 permit 192.10.4.0 0.0.3.255
access-list 1 permit 192.10.8.0 0.0.0.255
That can be reduced to three with a non-contiguous mask:
access-list 1 permit 192.10.1.0 0.0.5.255
access-list 1 permit 192.10.2.0 0.0.1.255
access-list 1 permit 192.10.4.0 0.0.3.255
Not sure about two statements, as the above is weird enough already.
01-21-2008 05:23 AM
Another way to go with three numbers is..
access-list 1 deny 192.168.0.0 0.0.0.0
access-list 1 permit 192.168.0.0 0.0.7.255
access-list 1 permit 192.168.8.0 0.0.0.0
(just an edit to Jon's ACL ;) )
I don't think you can get that done in two numbers..
arun :)
01-21-2008 06:13 AM
Arun, the commands you suggested won't work, because:
1. He doesn't want 192.168.0.x to be allowed.
2. The last octet in the mask must be 255, else no IP with a last byte different than 0 will pass.
01-21-2008 09:51 AM
Then what about:
access-list 1 deny 192.168.0.0 0.0.0.255
access-list 1 permit 192.168.0.0 0.0.7.255
access-list 1 permit 192.168.8.0 0.0.0.255
I still think that the original post that wants this done with only 2 ACL statements is not possible.
HTH
Rick
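The proposals in this thread can be checked mechanically rather than by eye. The following is an added example, not part of any post above: it models standard ACL evaluation (wildcard 0-bits must match, first matching entry decides, implicit deny at the end) and reports which third-octet networks an ACL permits fully or only partly. The function names are illustrative; the two ACLs are copied from Jon's and Rick's posts.

```python
def parse_acl(text):
    """Parse 'access-list N permit|deny ADDR WILDCARD' lines into (action, addr, wildcard)."""
    to_int = lambda dotted: int.from_bytes(bytes(map(int, dotted.split("."))), "big")
    rules = []
    for line in text.strip().splitlines():
        _kw, _num, action, addr, wild = line.split()
        rules.append((action, to_int(addr), to_int(wild)))
    return rules

def permits(rules, ip):
    """First matching entry decides; no match means the implicit deny."""
    for action, addr, wild in rules:
        care = ~wild & 0xFFFFFFFF          # wildcard 0-bits are the bits that must match
        if (ip & care) == (addr & care):
            return action == "permit"
    return False

def coverage(rules, first, second):
    """Return (fully, partly) permitted third-octet values under first.second.x.y."""
    full, part = set(), set()
    for third in range(256):
        base = (first << 24) | (second << 16) | (third << 8)
        hits = sum(permits(rules, base | host) for host in range(256))
        if hits == 256:
            full.add(third)
        elif hits:
            part.add(third)              # only some hosts pass, e.g. a 0.0.0.0 wildcard
    return full, part

# ACLs copied from the thread
JON = """access-list 1 permit 192.10.0.0 0.0.7.255
access-list 1 permit 192.10.8.0 0.0.0.255"""
RICK = """access-list 1 deny 192.168.0.0 0.0.0.255
access-list 1 permit 192.168.0.0 0.0.7.255
access-list 1 permit 192.168.8.0 0.0.0.255"""

if __name__ == "__main__":
    wanted = set(range(1, 9))            # networks 1 to 8, as the original question asks
    for name, acl, net in (("Jon", JON, (192, 10)), ("Rick", RICK, (192, 168))):
        full, part = coverage(parse_acl(acl), *net)
        print(name, "full:", sorted(full), "partial:", sorted(part),
              "extra:", sorted((full | part) - wanted), "missing:", sorted(wanted - full))
```

Any other candidate ACL, including one with a non-contiguous wildcard, can be pasted in as a string and compared against the wanted set before it is applied to a device.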