11-17-2003 12:48 AM - edited 03-02-2019 11:45 AM
how to write an ACL like this?
If I want to deny all the traffic of 10.0.0.1 to 10.0.0.104, is there a way that I can just write one phrase like "access-list 101 deny ip 10.0.0.1-10.0.0.104 any" in a router or PIX?
thanks!
11-17-2003 12:59 AM
Assuming the hosts are on different subnets the following should do the job.
Access-list 101 deny ip host 10.0.0.1 host 10.0.0.104
11-17-2003 01:28 AM
Hi
Remember that at the end of an ACL there's an implicit deny any. If you only want to deny traffic between that network, you must write at the end:
access-list 101 permit ip any any
bye
11-17-2003 08:33 PM
No, I mean I want to deny all the traffic from 10.0.0.1, 10.0.0.2, 10.0.0.3, ... 10.0.0.104
11-17-2003 10:35 PM
Hi,
It seems a little difficult to get it done in one line.
Here is what I can think of.
Due to the boundary.
Deny 96-103
access-list 101 deny ip 10.0.0.96 0.0.0.7 any
This would allow "104-127". Hosts 96-103 were previously denied.
access-list 101 permit ip 10.0.0.104 0.0.0.31 any
This would deny 0-127. Hosts 104-127: criteria met in the last statement.
access-list 101 deny ip 10.0.0.1 0.0.0.127 any
This would allow the others.
access-list 101 permit ip 10.0.0.128 0.0.0.127 any
access-list 101 deny ip 10.0.0.96 0.0.0.7 any log
access-list 101 permit ip 10.0.0.104 0.0.0.31 any
access-list 101 deny ip 10.0.0.1 0.0.0.127 any log
#access-list 101 permit ip 10.0.0.128 0.0.0.127 any
#or access-list 101 permit ip any any
Allan
11-21-2003 10:00 AM
Hi,
Since you want to deny access to hosts, you must use a standard access-list.
Try using the wildcard entry like this one:
access-list 10 deny 10.0.0.1 0.0.0.103
access-list 10 permit ip any any
I am not assuring this will work, but give it a try
-Sai.
11-23-2003 10:46 PM
You cannot do it in a single statement. To deny access for 10.0.0.1 to 10.0.0.104 you will need to put 5 statements:
access-list 110 deny ip any 10.0.0.0 0.0.0.63
access-list 110 deny ip any 10.0.0.64 0.0.0.31
access-list 110 deny ip any 10.0.0.96 0.0.0.7
access-list 110 deny ip any host 10.0.0.104
access-list 110 permit ip any any
Rgds
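
An added example, not part of any post in this thread: a Python sketch that splits an arbitrary address range into the wildcard-mask entries an extended ACL needs, then checks the result with a first-match evaluation that includes the implicit deny. The function names, ACL number 101 and the source-side match (as in the original question) are assumptions made for illustration.

```python
import ipaddress

def range_to_acl(first, last, acl_id=101):
    """Deny lines (source match) covering exactly first..last, then permit the rest."""
    lo, hi = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    lines = []
    for net in ipaddress.summarize_address_range(lo, hi):
        # A /32 block is written with the 'host' keyword; others use a wildcard mask.
        src = f"host {net.network_address}" if net.prefixlen == 32 \
            else f"{net.network_address} {net.hostmask}"
        lines.append(f"access-list {acl_id} deny ip {src} any")
    lines.append(f"access-list {acl_id} permit ip any any")
    return lines

def _source_matcher(tokens):
    """Build a predicate for the source field: 'any', 'host A' or 'A WILDCARD'."""
    if tokens[0] == "any":
        return lambda addr: True
    if tokens[0] == "host":
        base, wild = int(ipaddress.IPv4Address(tokens[1])), 0
    else:
        base, wild = (int(ipaddress.IPv4Address(t)) for t in tokens[:2])
    care = ~wild & 0xFFFFFFFF          # wildcard bits set to 1 are "don't care"
    return lambda addr: (addr & care) == (base & care)

def action_for(lines, source):
    """First-match evaluation of 'access-list N ACTION ip SRC any' lines."""
    addr = int(ipaddress.IPv4Address(source))
    for line in lines:
        fields = line.split()
        if _source_matcher(fields[4:])(addr):
            return fields[2]
    return "deny"                      # implicit deny at the end of every ACL

def denied_hosts(lines, network="10.0.0.0/24"):
    """Last octets in `network` whose traffic the ACL drops."""
    return [int(ip) & 0xFF for ip in ipaddress.ip_network(network)
            if action_for(lines, str(ip)) == "deny"]

if __name__ == "__main__":
    acl = range_to_acl("10.0.0.1", "10.0.0.104")
    print("\n".join(acl))
    print("denied last octets:", denied_hosts(acl))
```

Starting the range at 10.0.0.0 instead of 10.0.0.1 collapses the nine deny lines to four, because the first block then sits on a power-of-two boundary.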