
how to write an ACL like this?

jeff.lee
Level 1

If I want to deny all the traffic of 10.0.0.1 to 10.0.0.104, is there a way that I can just write one phrase like "access-list 101 deny ip 10.0.0.1-10.0.0.104 any" in a router or PIX?

thanks!

6 Replies

ndarnell
Level 1

Assuming the hosts are on different subnets the following should do the job.

Access-list 101 deny ip host 10.0.0.1 host 10.0.0.104

Hi

Remember that at the end of an ACL there's an implicit deny any. If you want to deny only traffic between that network, you must write at the end:

access-list 101 permit ip any any

bye

No, I mean I want to deny all the traffic from 10.0.0.1, 10.0.0.2, 10.0.0.3, ... 10.0.0.104

Hi,

It seems a little difficult to get it done in one line.

Here is what I can think of.

Due to the boundary.

Deny 96-103

access-list 101 deny ip 10.0.0.96 0.0.0.7 any

This would allow "104-127". Hosts 96-103 were previously denied.

access-list 101 permit ip 10.0.0.104 0.0.0.31 any

This would deny 0-127. Hosts 104-127 criteria met in last statement.

access-list 101 deny ip 10.0.0.1 0.0.0.127 any

This would allow others

access-list 101 permit ip 10.0.0.128 0.0.0.127 any

access-list 101 deny ip 10.0.0.96 0.0.0.7 any log

access-list 101 permit ip 10.0.0.104 0.0.0.31 any

access-list 101 deny ip 10.0.0.1 0.0.0.127 any log

#access-list 101 permit ip 10.0.0.128 0.0.0.127 any

#or access-list 101 permit ip any any

Allan

saimbt
Level 1

Hi,

Since you want to deny access to hosts, you must use a standard access-list.

Try using a wildcard entry like this one:

access-list 10 deny 10.0.0.1 0.0.0.103

access-list 10 permit ip any any

I am not assuring this will work, but give it a try

-Sai.

You cannot do it in a single statement. To deny access for 10.0.0.1 to 10.0.0.104 you will need to put 5 statements:

access-list 110 deny ip any 10.0.0.0 0.0.0.63

access-list 110 deny ip any 10.0.0.64 0.0.0.31

access-list 110 deny ip any 10.0.0.96 0.0.0.7

access-list 110 deny ip any host 10.0.0.104

access-list 110 permit ip any any

Rgds
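
Added example, not part of the original thread: a Python sketch that splits the inclusive range from the question into aligned blocks with `ipaddress.summarize_address_range`, prints one extended-ACL line per block, and evaluates wildcard matching so any address/wildcard pair from the replies can be checked host by host before it is applied. The function names and the 10.0.0.0/24 check subnet are assumptions for illustration.

```python
import ipaddress

def range_blocks(first, last):
    """Split an inclusive IPv4 range into the fewest aligned (base, wildcard) pairs."""
    nets = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
    return [(str(n.network_address), str(n.hostmask)) for n in nets]

def acl_lines(blocks, acl=101, action="deny"):
    """Format blocks as extended-ACL source matches, as in the question."""
    out = []
    for base, wc in blocks:
        src = f"host {base}" if wc == "0.0.0.0" else f"{base} {wc}"
        out.append(f"access-list {acl} {action} ip {src} any")
    return out

def wildcard_matches(base, wildcard, host):
    """Wildcard semantics: a 1 bit in the wildcard means 'ignore this bit'."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(base)) & care) == \
           (int(ipaddress.IPv4Address(host)) & care)

def matched_hosts(base, wildcard, subnet="10.0.0.0/24"):
    """Last octets in the (assumed) check subnet that the pair matches."""
    return [int(h) & 0xFF for h in ipaddress.ip_network(subnet)
            if wildcard_matches(base, wildcard, str(h))]

if __name__ == "__main__":
    blocks = range_blocks("10.0.0.1", "10.0.0.104")
    print("\n".join(acl_lines(blocks)))
    # An ACL ends with an implicit deny, so everything else is permitted explicitly.
    print("access-list 101 permit ip any any")
    covered = sorted(o for b, w in blocks for o in matched_hosts(b, w))
    print("covers exactly .1-.104:", covered == list(range(1, 105)))
    # A non-contiguous wildcard matches a scattered set of hosts, not a range.
    print("10.0.0.1 0.0.0.103 matches:", matched_hosts("10.0.0.1", "0.0.0.103"))
```

Starting the range at 10.0.0.0 instead of 10.0.0.1 collapses the first six blocks into a single `10.0.0.0 0.0.0.63` entry, leaving four deny lines.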
