Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Subnet help

I have the following /16 172.31.0.0/16 that I'm trying to create an access list for. I'd like to allow 172.31.240.0/24 but deny all else, so I'm looking the best way to accomplish this with 2 acl lines.

Any help would be appreciated?

/rls

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Subnet help

Robert,

Just a simple permit of the 172.31.240.0 subnet and deny the whole subnet will be sufficient.

permit ip 172.31.240.0 0.0.0.255

deny ip 172.31.0.0 0.0.255.255

HTH,

Mark

4 REPLIES

Re: Subnet help

Robert,

Just a simple permit of the 172.31.240.0 subnet and deny the whole subnet will be sufficient.

permit ip 172.31.240.0 0.0.0.255

deny ip 172.31.0.0 0.0.255.255

HTH,

Mark

New Member

Re: Subnet help

Thanks for the quick answer. Guess I was over-thinking the obvious!

/rls

Re: Subnet help

Glad I was able to help!

Good Luck,

Mark

Silver

Re: Subnet help

Hi,

The access list if you want to allow ip traffic sourced from 172.31.240.0/24 only as following :

access-list 100 permit ip 172.31.240.0 0.0.0.255 any

access-list 100 deny ip any any

Basically you need only one permit statement because there is implicit deny at the end of access-list.

HTH

Saju

Pls rate if it helps

296
Views
10
Helpful
4
Replies