Cisco Support Community

New Member

ACL to deny 15 IP's

I need to deny 15 IP's on my network.

I'm using the following IP addressing 10.246.32.22/22 and the IP's I need to deny are 10.246.32.230 to 10.246.32.245.

Is there any option in the ACLs to deny this range of 15 IPs, or do I have to deny one IP per line?

I appreciate your comments!!

1 REPLY
Gold

Re: ACL to deny 15 IP's

the most suitable subnet is 10.246.32.224/27, which includes (hosts) .225 - .254.

providing we are discussing pix rather than router, an object group can be configured.

e.g.

object-group network restricted
 network-object host 10.246.32.230
 network-object host 10.246.32.231
 network-object host 10.246.32.232
 network-object host 10.246.32.233
 network-object host 10.246.32.234
 network-object host 10.246.32.235
 network-object host 10.246.32.236
 network-object host 10.246.32.237
 network-object host 10.246.32.238
 network-object host 10.246.32.239
 network-object host 10.246.32.240
 network-object host 10.246.32.241
 network-object host 10.246.32.242
 network-object host 10.246.32.243
 network-object host 10.246.32.244
 network-object host 10.246.32.245
access-list 199 deny ip object-group restricted any
access-group 199 in interface inside

with the object group configured and applied on the acl, you don't need to modify the acl in the future, only play with the object group entries. it's more flexible.
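An added example, not part of the original thread: a short Python script that compares the two approaches in the reply by computing the smallest set of CIDR blocks matching exactly 10.246.32.230 to 10.246.32.245, rendering them as `network-object` lines, and counting what the /27 would match outside that range. The function names are hypothetical helpers written for this illustration.

```python
import ipaddress

def exact_cover(first, last):
    """Smallest list of CIDR blocks covering first..last and nothing else."""
    return list(ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)))

def overblocked(supernet, first, last):
    """Addresses inside `supernet` that fall outside first..last."""
    lo, hi = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    return [a for a in ipaddress.ip_network(supernet) if not lo <= a <= hi]

def object_group(name, nets):
    """Render PIX-style object-group lines; single addresses use 'host'."""
    lines = [f"object-group network {name}"]
    for n in nets:
        if n.prefixlen == 32:
            lines.append(f" network-object host {n.network_address}")
        else:
            lines.append(f" network-object {n.network_address} {n.netmask}")
    return lines

if __name__ == "__main__":
    FIRST, LAST = "10.246.32.230", "10.246.32.245"  # range from the question
    nets = exact_cover(FIRST, LAST)
    print("\n".join(object_group("restricted", nets)))
    extra = overblocked("10.246.32.224/27", FIRST, LAST)
    print(f"{sum(n.num_addresses for n in nets)} addresses matched exactly")
    print(f"/27 would also match {len(extra)} addresses outside the range")
```

Once an ACL is bound with `access-group`, traffic that matches no entry is dropped by the implicit deny at the end of the list, so a list holding only the deny line also needs a permit entry for the hosts that should keep working.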
