Community Member

Access-list

I have to use just two access statements to allow the following range of networks.

192.10.*.0

* denotes network from 1 to 8.

6 REPLIES
Hall of Fame Super Blue

Re: Access-list

Hi

Assuming IOS

access-list 1 permit 192.10.0.0 0.0.7.255

access-list 1 permit 192.10.8.0 0.0.0.255

HTH

Jon

Community Member

Re: Access-list

Thanks for replying, but I have the range just from 1-8.

You have included 0-7 and 8.

Hall of Fame Super Gold

Re: Access-list

With standard (contiguous) mask, it requires 4 statements:

access-list 1 permit 192.10.1.0 0.0.0.255

access-list 1 permit 192.10.2.0 0.0.1.255

access-list 1 permit 192.10.4.0 0.0.3.255

access-list 1 permit 192.10.8.0 0.0.1.255

That can be reduced to three with a non-contiguous mask:

access-list 1 permit 192.10.1.0 0.0.5.255

access-list 1 permit 192.10.2.0 0.0.1.255

access-list 1 permit 192.10.4.0 0.0.3.255

Not sure about two statements, as the above is weird enough already.

Bronze

Re: Access-list

Another way to go with three numbers is..

access-list 1 deny 192.168.0.0 0.0.0.0

access-list 1 permit 192.168.0.0 0.0.7.255

access-list 1 permit 192.168.8.0 0.0.0.0

(just an edit to Jon's ACL ;) )

I don't think you can get that done in two numbers.

arun :)

Hall of Fame Super Gold

Re: Access-list

Arun, the commands you suggested won't work, because:

1. He doesn't want 192.168.0.x to be allowed.

2. The last octet in the mask must be 255, else no IP with a last byte different than 0 will pass.

Hall of Fame Super Gold

Re: Access-list

Then what about:

access-list 1 deny 192.168.0.0 0.0.0.255

access-list 1 permit 192.168.0.0 0.0.7.255

access-list 1 permit 192.168.8.0 0.0.0.255

I still think that the original post that wants this done with only 2 ACL statements is not possible.

HTH

Rick
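
Added example (not part of any reply in this thread): a Python check of the wildcard-mask arithmetic discussed above, with an exhaustive search over two-statement ACLs. It models only the third octet, assuming every statement keeps the first two octets fixed and uses 255 as the last wildcard octet; `JON_TWO` and `RICK_THREE` are hypothetical names for the third-octet patterns of the first and last replies.

```python
# Added example: third-octet model of "access-list N permit|deny A.B.V.0 0.0.W.255".
# Assumption: first two octets fixed, last octet fully wildcarded (0.0.W.255).
TARGET = set(range(1, 9))  # third octets 1..8 from the original question

def matches(n, value, wild):
    """IOS wildcard match: bits set in wild are ignored, the rest must agree."""
    return (n ^ value) & ~wild & 0xFF == 0

def permitted(rules):
    """Third-octet values permitted by a first-match ACL with implicit deny."""
    out = set()
    for n in range(256):
        for permit, value, wild in rules:
            if matches(n, value, wild):
                if permit:
                    out.add(n)
                break
    return out

def two_statement_solutions(target=TARGET):
    """Exhaustively search two-statement ACLs that permit exactly target."""
    # One canonical (value, wild) per distinct match set: no wildcarded bit set in value.
    pats = [(v, w) for w in range(256) for v in range(256) if v & w == 0]
    sets = {p: frozenset(n for n in range(256) if matches(n, *p)) for p in pats}
    inside = [p for p in pats if sets[p] <= target]      # usable as a permit on its own
    around = [p for p in pats if sets[p] >= target]      # permit that needs a deny first
    outside = [p for p in pats if not sets[p] & target]  # usable as a leading deny
    found = []
    # permit + permit (a trailing deny adds nothing, so permit + deny is the a == b case).
    for a in inside:
        for b in inside:
            if sets[a] | sets[b] == target:
                found.append([(True, *a), (True, *b)])
    # deny + permit: the deny must remove exactly what the permit overshoots.
    for d in outside:
        for p in around:
            if sets[p] - sets[d] == target:
                found.append([(False, *d), (True, *p)])
    return found

# Third-octet patterns transcribed from the thread (names are hypothetical).
JON_TWO = [(True, 0, 7), (True, 8, 0)]
RICK_THREE = [(False, 0, 0), (True, 0, 7), (True, 8, 0)]

if __name__ == "__main__":
    print("first reply permits:", sorted(permitted(JON_TWO)))
    print("last reply permits: ", sorted(permitted(RICK_THREE)))
    print("two-statement ACLs for 1..8:", two_statement_solutions())
```

Under that model the search finds no two-statement ACL for third octets 1 to 8, while the deny/permit/permit form permits exactly that set.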
