Solved: Subnet help

rsamuel708 · ‎09-09-2008

I have the following /16 172.31.0.0/16 that I'm trying to create an access list for. I'd like to allow 172.31.240.0/24 but deny all else, so I'm looking the best way to accomplish this with 2 acl lines.

Any help would be appreciated?

/rls

Mark Yeates · ‎09-09-2008

Robert,

Just a simple permit of the 172.31.240.0 subnet and deny the whole subnet will be sufficient.

permit ip 172.31.240.0 0.0.0.255

deny ip 172.31.0.0 0.0.255.255

HTH,

Mark

View solution in original post

Mark Yeates · ‎09-09-2008

Robert,

Just a simple permit of the 172.31.240.0 subnet and deny the whole subnet will be sufficient.

permit ip 172.31.240.0 0.0.0.255

deny ip 172.31.0.0 0.0.255.255

HTH,

Mark

rsamuel708 · ‎09-09-2008

Thanks for the quick answer. Guess I was over-thinking the obvious!

/rls

Mark Yeates · ‎09-09-2008

Glad I was able to help!

Good Luck,

Mark

singhsaju · ‎09-09-2008

Hi,

The access list if you want to allow ip traffic sourced from 172.31.240.0/24 only as following :

access-list 100 permit ip 172.31.240.0 0.0.0.255 any

access-list 100 deny ip any any

Basically you need only one permit statement because there is implicit deny at the end of access-list.

HTH

Saju

Pls rate if it helps