11-17-2003 12:50 AM - edited 02-20-2020 09:23 PM
How to write an ACL like this?
If I want to deny all the traffic of 10.0.0.1 to 10.0.0.104, is there a way that I can just write one phrase like "access-list 101 deny ip 10.0.0.1-10.0.0.104 any" on a router or PIX?
Thanks!
11-17-2003 02:10 AM
Hi,
You have to use a subnet mask to specify a range of IP addresses. In your case, you can write
access-list 101 deny ip 10.0.0.0 255.255.255.128 any
so the covered addresses are: 10.0.0.0 to 10.0.0.127.
Also, don't forget to add a "permit ip any any" line to the end of your access-list because of the implicit deny.
Hope this helps
11-20-2003 03:50 PM
CIDR netblocks:
access-list 101 deny ip 10.0.0.0 255.255.255.192 any
access-list 101 deny ip 10.0.0.64 255.255.255.224 any
access-list 101 deny ip 10.0.0.96 255.255.255.248 any
...
the first line blocks hosts 0-63, the second line blocks hosts 64-95....
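
The block-by-block decomposition started in the last reply, carried through for the exact range 10.0.0.1 to 10.0.0.104 (an added example, not code from any post in this thread). The function names are illustrative; the `wildcard` switch is there because IOS router ACLs take inverse (wildcard) masks while PIX ACLs take subnet masks as written above.

```python
import ipaddress

def range_to_blocks(first, last):
    """Smallest list of CIDR blocks covering exactly first..last (inclusive)."""
    return list(ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)))

def acl_lines(first, last, acl_id=101, wildcard=False):
    """Render one 'deny ip <net> <mask> any' line per CIDR block.

    wildcard=False -> subnet mask, the style used in the thread (PIX)
    wildcard=True  -> inverse mask, the style IOS router ACLs expect
    """
    lines = []
    for net in range_to_blocks(first, last):
        mask = net.hostmask if wildcard else net.netmask
        lines.append(
            f"access-list {acl_id} deny ip {net.network_address} {mask} any")
    return lines

def extra_hosts(blocks, first, last):
    """Addresses matched by `blocks` that fall outside first..last.

    Use it to see how much a rounded-up block over-blocks.
    """
    lo = int(ipaddress.IPv4Address(first))
    hi = int(ipaddress.IPv4Address(last))
    extra = []
    for block in blocks:
        for addr in ipaddress.ip_network(str(block)):
            if not lo <= int(addr) <= hi:
                extra.append(str(addr))
    return extra

if __name__ == "__main__":
    first, last = "10.0.0.1", "10.0.0.104"
    for line in acl_lines(first, last):
        print(line)
    # The denies must still be followed by a permit (implicit deny at the end).
    print("access-list 101 permit ip any any")
    over = extra_hosts(["10.0.0.0/25"], first, last)
    print(f"a single /25 would also block {len(over)} addresses outside the range")
```

The exact range needs nine deny lines; the single /25 entry is shorter but also matches 10.0.0.0 and 10.0.0.105 to 10.0.0.127.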