Re: block ip range

ahmedmohamed · ‎08-15-2003

i want to permit ip range from 10.17.1.1 to 10.17.1.16 and deny the rest, how can i do that,

hope someone can help me

forbesl · ‎08-15-2003

It looks like you want to permit subnet 10.17.1.0/28, the only thing wrong with that is that 10.17.1.16 is not in that subnet.

If you want to permit the subnet, then do this:

access-list 108 permit ip 10.17.1.0 0.0.0.15 any

access-list 108 deny ip any any

This will permit 10.17.1.1 thru 10.17.1.15 (10.17.1.16 is the next subnet IP)

If it's not a subnet you want to permit, but just a range of IP addresses, do this:

access-list 108 permit ip host 10.17.1.1 any

access-list 108 permit ip host 10.17.1.2 any

(and so forth up to 10.17.1.16)

access-list 108 deny ip any any

You don't necessarily have to use "108", you can use any number from 100 - 199.

ahmedmohamed · ‎08-19-2003

i am using cisco 800

i tried like this

access-list 108 permit ip 10.17.1.0 0.0.0.15 any

access-list 108 deny ip any any

int e0

ip access-group in

seems not working, router gettng stuk wat am i doing wrong in there

forbesl · ‎08-19-2003

In in applying the access-list to the interface, you need to specify the number of the ACL you are applying.

e.g. "ip access-group 108 in"

I noticed you only put "ip access-group in"; no ACL number was present.