Subnet help

Answered Question
Sep 9th, 2008

I have the following /16 172.31.0.0/16 that I'm trying to create an access list for. I'd like to allow 172.31.240.0/24 but deny all else, so I'm looking the best way to accomplish this with 2 acl lines.

Any help would be appreciated?

/rls

I have this problem too.
0 votes
Correct Answer by Mark Yeates about 8 years 2 months ago

Robert,

Just a simple permit of the 172.31.240.0 subnet and deny the whole subnet will be sufficient.

permit ip 172.31.240.0 0.0.0.255

deny ip 172.31.0.0 0.0.255.255

HTH,

Mark

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (3 ratings)
Loading.
Correct Answer
Mark Yeates Tue, 09/09/2008 - 12:00

Robert,

Just a simple permit of the 172.31.240.0 subnet and deny the whole subnet will be sufficient.

permit ip 172.31.240.0 0.0.0.255

deny ip 172.31.0.0 0.0.255.255

HTH,

Mark

rsamuel708 Tue, 09/09/2008 - 12:15

Thanks for the quick answer. Guess I was over-thinking the obvious!

/rls

singhsaju Tue, 09/09/2008 - 12:05

Hi,

The access list if you want to allow ip traffic sourced from 172.31.240.0/24 only as following :

access-list 100 permit ip 172.31.240.0 0.0.0.255 any

access-list 100 deny ip any any

Basically you need only one permit statement because there is implicit deny at the end of access-list.

HTH

Saju

Pls rate if it helps

Actions

This Discussion