how to write an ACL like this?

jeff.lee
Level 1

If I want to deny all the traffic of 10.0.0.1 to 10.0.0.104, is there a way that I can just write one phrase like "access-list 101 deny ip 10.0.0.1-10.0.0.104 any" on a router or PIX?

Thanks!

2 Replies

nihal.akbulut
Level 1

Hi,

You have to use a subnet mask to specify a range of IP addresses. In your case, you can write

access-list 101 deny ip 10.0.0.0 255.255.255.128 any

So the covered addresses are: 10.0.0.0 to 10.0.0.127.

Also, don't forget to add a "permit ip any any" line to the end of your access-list because of the implicit deny.

Hope this helps.

mostiguy
Level 6

CIDR netblocks:

access-list 101 deny ip 10.0.0.0 255.255.255.192 any

access-list 101 deny ip 10.0.0.64 255.255.255.224 any

access-list 101 deny ip 10.0.0.96 255.255.255.248 any

...

The first line blocks hosts 0-63, the second line blocks hosts 64-95....
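
Added example, not part of either reply: a Python sketch that splits the range from the question into aligned CIDR blocks and prints one ACL entry per block, in subnet-mask form (as posted above) or wildcard-mask form. The function names `range_to_acl` and `extra_addresses` are made up for this illustration, and the second one counts the addresses a single covering block would match beyond the requested range.

```python
import ipaddress


def range_to_acl(first, last, acl_id=101, action="deny", style="pix"):
    """Return ACL lines whose source blocks cover exactly first..last inclusive.

    style="pix": network + subnet mask, the form used in the replies above.
    style="ios": network + wildcard (inverse) mask, as IOS extended ACLs expect.
    """
    lo, hi = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    lines = []
    # summarize_address_range yields aligned CIDR blocks covering the range exactly.
    for net in ipaddress.summarize_address_range(lo, hi):
        if net.prefixlen == 32:
            src = f"host {net.network_address}"
        else:
            mask = net.hostmask if style == "ios" else net.netmask
            src = f"{net.network_address} {str(mask)}"
        lines.append(f"access-list {acl_id} {action} ip {src} any")
    return lines


def extra_addresses(block, first, last):
    """Addresses matched by one covering block that fall outside first..last."""
    lo, hi = int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last))
    return [str(a) for a in ipaddress.IPv4Network(block) if not lo <= int(a) <= hi]


if __name__ == "__main__":
    # Range taken from the question.
    for style in ("pix", "ios"):
        print(f"! {style}")
        print("\n".join(range_to_acl("10.0.0.1", "10.0.0.104", style=style)))
    # A single 255.255.255.128 entry also matches addresses outside the range.
    over = extra_addresses("10.0.0.0/25", "10.0.0.1", "10.0.0.104")
    print(f"! one /25 entry would also match {len(over)} extra addresses")
    # The implicit deny still applies: end the list with "permit ip any any".
```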
