Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

outbound access to a selected number of hosts

I have several internal class C Networks. I would like the first 99 hosts to be able to access the internet and deny the remaining hosts. I've looked at network object-group, but I'm wondering if there is another method of acheiving this?

Thanks in advance

1 ACCEPTED SOLUTION

Accepted Solutions
Silver

Re: outbound access to a selected number of hosts

Hello,

Assuming these addresses are contigous, this how you can break it down and can use static or nat/no-nat based on the following breakdowns -

178.1.1.0 255.255.255.192 -->will conver from 1-63

178.1.1.64 255.255.255.224 --> covers from 64-95

178.1.1.96 255.255.255.255 -->.96

178.1.1.97 255.255.255.255 -->.97

178.1.1.98 255.255.255.255 -->.98

178.1.1.99 255.255.255.255 -->.99

I hope this helps. Regards,

Mynul

4 REPLIES
Silver

Re: outbound access to a selected number of hosts

Hello,

Assuming these addresses are contigous, this how you can break it down and can use static or nat/no-nat based on the following breakdowns -

178.1.1.0 255.255.255.192 -->will conver from 1-63

178.1.1.64 255.255.255.224 --> covers from 64-95

178.1.1.96 255.255.255.255 -->.96

178.1.1.97 255.255.255.255 -->.97

178.1.1.98 255.255.255.255 -->.98

178.1.1.99 255.255.255.255 -->.99

I hope this helps. Regards,

Mynul

Community Member

Re: outbound access to a selected number of hosts

They are contigous. I have a config similar to your sugestion.

Can I use the object-group command to identify the range of with an acl?

object-group network internal_clients

network-object host 178.1.1.1-178.1.1.99

:

access-list acl_in permit tcp object-group internal_clients any eq www

Thanks

Silver

Re: outbound access to a selected number of hosts

Hi,

Unfortunately, you cannot define the range in the network-object. It has to be either host or network addresses, not range.

Regards,

Mynul

Community Member

Re: outbound access to a selected number of hosts

Thanks, I'll revert to your original sugestion.

This would be a very helpful feature.

112
Views
0
Helpful
4
Replies
CreatePlease to create content