outbound access to a selected number of hosts

Answered Question
Aug 2nd, 2003

I have several internal class C networks. I would like the first 99 hosts to be able to access the internet and deny the remaining hosts. I've looked at network object-group, but I'm wondering if there is another method of achieving this?


Thanks in advance

Correct Answer
mhoda Sat, 08/02/2003 - 20:48

Hello,


Assuming these addresses are contiguous, this is how you can break it down, and you can use static or nat/no-nat based on the following breakdowns -

178.1.1.0 255.255.255.192 --> will cover from 1-63
178.1.1.64 255.255.255.224 --> covers from 64-95
178.1.1.96 255.255.255.255 --> .96
178.1.1.97 255.255.255.255 --> .97
178.1.1.98 255.255.255.255 --> .98
178.1.1.99 255.255.255.255 --> .99


I hope this helps. Regards,


Mynul

eoscar Sun, 08/03/2003 - 09:45

They are contiguous. I have a config similar to your suggestion.

Can I use the object-group command to identify the range with an ACL?


object-group network internal_clients

network-object host 178.1.1.1-178.1.1.99

:

access-list acl_in permit tcp object-group internal_clients any eq www


Thanks

mhoda Sun, 08/03/2003 - 10:50

Hi,


Unfortunately, you cannot define the range in the network-object. It has to be either host or network addresses, not range.


Regards,


Mynul
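
The breakdown discussed above, as an added example that is not part of the original thread: a Python sketch that splits a contiguous host range into the host and network entries an object-group accepts, for several class C networks at once. The second subnet 178.1.2.0/24 is constructed for illustration, and the function names are hypothetical.

```python
import ipaddress

def range_to_network_objects(first, last):
    """Return network-object lines that match exactly first..last, nothing more."""
    lines = []
    blocks = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
    for net in blocks:
        if net.prefixlen == 32:
            # A single address has to be written as a host entry.
            lines.append(f" network-object host {net.network_address}")
        else:
            lines.append(f" network-object {net.network_address} {net.netmask}")
    return lines

def object_group(name, subnets, first_host, last_host):
    """Build one object-group for hosts first_host..last_host of each /24."""
    if not 0 <= first_host <= last_host <= 255:
        raise ValueError("host numbers must satisfy 0 <= first <= last <= 255")
    out = [f"object-group network {name}"]
    for subnet in subnets:
        net = ipaddress.IPv4Network(subnet)
        if net.prefixlen != 24:
            raise ValueError(f"{subnet} is not a class C sized (/24) network")
        base = int(net.network_address)
        out += range_to_network_objects(base + first_host, base + last_host)
    return out

if __name__ == "__main__":
    # Constructed input: the thread's subnet plus one made-up neighbour.
    subnets = ["178.1.1.0/24", "178.1.2.0/24"]
    # Starting at .0 (the unused network address) gives three entries per subnet.
    print("\n".join(object_group("internal_clients", subnets, 0, 99)))
    # Starting at .1 is exact for hosts 1-99 but needs eight entries per subnet.
    print(len(range_to_network_objects("178.1.1.1", "178.1.1.99")))
```

Because every generated block ends at .99, host .100 and above never match the group and fall through to whatever deny follows the permit in the ACL.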

eoscar Mon, 08/04/2003 - 04:58

Thanks, I'll revert to your original suggestion.

This would be a very helpful feature.
