08-02-2003 05:12 PM - edited 03-09-2019 04:17 AM
I have several internal class C Networks. I would like the first 99 hosts to be able to access the internet and deny the remaining hosts. I've looked at network object-group, but I'm wondering if there is another method of acheiving this?
Thanks in advance
Solved! Go to Solution.
08-02-2003 08:48 PM
Hello,
Assuming these addresses are contigous, this how you can break it down and can use static or nat/no-nat based on the following breakdowns -
178.1.1.0 255.255.255.192 -->will conver from 1-63
178.1.1.64 255.255.255.224 --> covers from 64-95
178.1.1.96 255.255.255.255 -->.96
178.1.1.97 255.255.255.255 -->.97
178.1.1.98 255.255.255.255 -->.98
178.1.1.99 255.255.255.255 -->.99
I hope this helps. Regards,
Mynul
08-02-2003 08:48 PM
Hello,
Assuming these addresses are contigous, this how you can break it down and can use static or nat/no-nat based on the following breakdowns -
178.1.1.0 255.255.255.192 -->will conver from 1-63
178.1.1.64 255.255.255.224 --> covers from 64-95
178.1.1.96 255.255.255.255 -->.96
178.1.1.97 255.255.255.255 -->.97
178.1.1.98 255.255.255.255 -->.98
178.1.1.99 255.255.255.255 -->.99
I hope this helps. Regards,
Mynul
08-03-2003 09:45 AM
They are contigous. I have a config similar to your sugestion.
Can I use the object-group command to identify the range of with an acl?
object-group network internal_clients
network-object host 178.1.1.1-178.1.1.99
:
access-list acl_in permit tcp object-group internal_clients any eq www
Thanks
08-03-2003 10:50 AM
Hi,
Unfortunately, you cannot define the range in the network-object. It has to be either host or network addresses, not range.
Regards,
Mynul
08-04-2003 04:58 AM
Thanks, I'll revert to your original sugestion.
This would be a very helpful feature.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: