Access list help

Unanswered Question
Sep 30th, 2008
User Badges:

gues if i want to block two network and

what will b ethe access list for that keeping in mind that i want to get the job done in one line (access-list staement) and can someone please tell me how you did that....thanks

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Gerald Vogt Tue, 09/30/2008 - 21:21
User Badges:
  • Bronze, 100 points or more

access-list 1 deny

Giuseppe Larosa Wed, 10/01/2008 - 01:06
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Khan,

you need to think at the binary of the base subnet ip address

and look for waht they have in common:

they have in common the first two bytes and the 1 bit set in the least meaning bit of the third byte


the wildcard mask in ACL can contain multiple transitions 0 to 1 and 1 to 0.

the third byte is in binary:

00000010 : first 6 bits are 0 must match the last bit must be 1 must match the bit that makes the difference between 1 and 3 can be set to any value

so it is:

access-list 12 deny

notice that

access-list 12 deny

is wrong because is matching

that is not the same

Hope to help



This Discussion