Community Member

Access-list problem

Hi guys.

Could anyone tell me how I could create an access-list (just add one line to an existing one, really) where I would permit traffic between x.x.(200+x).x to x.x.(200+x).x ? Basically I would like to allow all our subnets that have 200 and up in the third octet to talk to each other. Is there any way to do this?

thanks.

3 REPLIES

Re: Access-list problem

Hi Chris,

You may apply the following access-list to each routed port inbound:

access-list 100 permit ip any x.x.200.x 0.0.55.0

Cheers:

Istvan

Re: Access-list problem

Sorry, my post is wrong. I may have misunderstood your post.

Please disregard this.

Thanks:

Istvan

Community Member

Re: Access-list problem

You cannot do that in a single line. If you want to allow all traffic from and to IP addresses a.b.200-255.0-255 it is not possible in one line.

Access lists use wild cards based on binary digits.

200 = 11001000

255 = 11111111

If it were from 192 to 255, it would simply be all IP addresses with the highest two bits set (11xxxxxx).

You have 200. The first range you can cover is 224-255 with mask 111xxxxx, i.e.

permit a.b.224.0 0.0.31.255

Next you can cover 208-223 with

permit a.b.208.0 0.0.15.255

Next you can cover 200-207 with

permit a.b.200.0 0.0.7.255

Thus you need at least three lines.

How to set up the access list depends on whether you use standard access lists or extended access lists. For the latter, if you really want to permit only packets from and to these three ranges you need a total of 9 lines.
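The decomposition described in the reply above, written out as an added example (not code from the thread): split an octet range into the aligned power-of-two blocks a single wildcard mask can express, then emit the three standard lines and the nine extended source/destination lines. The prefix "a.b" and access-list number 100 are placeholders.

```python
# Added example: decompose an octet range into aligned power-of-two blocks,
# each of which is exactly one wildcard-mask ACL entry (wildcard = size - 1).
from typing import List, Tuple


def octet_range_to_blocks(lo: int, hi: int) -> List[Tuple[int, int]]:
    """Split the inclusive octet range [lo, hi] into (start, wildcard) pairs.

    A block must start on a multiple of its size and its size must be a
    power of two, otherwise a wildcard mask cannot describe it.
    Example: 200-255 -> (200, 7), (208, 15), (224, 31).
    """
    if not (0 <= lo <= hi <= 255):
        raise ValueError("octet range must satisfy 0 <= lo <= hi <= 255")
    blocks = []
    start = lo
    while start <= hi:
        size = 1
        # Double the block while it stays aligned and still fits in the range.
        while start % (size * 2) == 0 and start + size * 2 - 1 <= hi:
            size *= 2
        blocks.append((start, size - 1))
        start += size
    return blocks


def standard_acl(prefix: str, lo: int, hi: int) -> List[str]:
    """One permit per block; third octet varies, fourth octet is 'any'."""
    return [f"permit {prefix}.{start}.0 0.0.{wild}.255"
            for start, wild in octet_range_to_blocks(lo, hi)]


def extended_acl(prefix: str, lo: int, hi: int, number: int = 100) -> List[str]:
    """Every source block paired with every destination block: n blocks -> n*n lines."""
    blocks = octet_range_to_blocks(lo, hi)
    return [f"access-list {number} permit ip "
            f"{prefix}.{s}.0 0.0.{sw}.255 {prefix}.{d}.0 0.0.{dw}.255"
            for s, sw in blocks for d, dw in blocks]


if __name__ == "__main__":
    for line in standard_acl("a.b", 200, 255):
        print(line)
    print(len(extended_acl("a.b", 200, 255)), "extended lines")
```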
