08-15-2003 02:49 PM - edited 03-02-2019 09:38 AM
i want to permit ip range from 10.17.1.1 to 10.17.1.16 and deny the rest, how can i do that,
hope someone can help me
08-15-2003 03:42 PM
It looks like you want to permit subnet 10.17.1.0/28, the only thing wrong with that is that 10.17.1.16 is not in that subnet.
If you want to permit the subnet, then do this:
access-list 108 permit ip 10.17.1.0 0.0.0.15 any
access-list 108 deny ip any any
This will permit 10.17.1.1 thru 10.17.1.15 (10.17.1.16 is the next subnet IP)
If it's not a subnet you want to permit, but just a range of IP addresses, do this:
access-list 108 permit ip host 10.17.1.1 any
access-list 108 permit ip host 10.17.1.2 any
(and so forth up to 10.17.1.16)
access-list 108 deny ip any any
You don't necessarily have to use "108", you can use any number from 100 - 199.
08-19-2003 04:05 AM
i am using cisco 800
i tried like this
access-list 108 permit ip 10.17.1.0 0.0.0.15 any
access-list 108 deny ip any any
int e0
ip access-group in
seems not working, router gettng stuk wat am i doing wrong in there
08-19-2003 06:56 AM
In in applying the access-list to the interface, you need to specify the number of the ACL you are applying.
e.g. "ip access-group 108 in"
I noticed you only put "ip access-group in"; no ACL number was present.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide