Solved: Basic ACL question

kevin.hu · ‎10-13-2006

Hi,

If I deny a network, for example,

access-list deny 10.10.0.0 0.0.255.255

Does that mean that I also deny any subnet of 10.10.0.0/16? For exmaple, 10.10.10.0/24? So I don't need to create several ACL statements.

access-list deny 10.10.0.0 0.0.255.255

access-list deny 10.10.10.0 0.0.0.255 (redundant)

Thank you!

Richard Burts · ‎10-13-2006

Kevin

Yes the statement access-list 1 deny 10.10.10.0 0.0.0.255 is redundant and not needed if the access list has the statement access-list 1 deny 10.10.0.0 0.0.255.255

HTH

Rick

HTH

Rick

View solution in original post

pushkar1782 · ‎10-13-2006

There is no need to create the other list..

see for yoursefl..the access-list says ..deny any ip in the range of 10.10.x.x --- x.x can be anything ..may it be in a different subnet mask .

hope this helped. Plz rate