Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k
New Member

Basic ACL question

Hi,

If I deny a network, for example,

access-list deny 10.10.0.0 0.0.255.255

Does that mean that I also deny any subnet of 10.10.0.0/16? For exmaple, 10.10.10.0/24? So I don't need to create several ACL statements.

access-list deny 10.10.0.0 0.0.255.255

access-list deny 10.10.10.0 0.0.0.255 (redundant)

Thank you!

2 ACCEPTED SOLUTIONS

Accepted Solutions
Hall of Fame Super Gold

Re: Basic ACL question

Kevin

Yes the statement access-list 1 deny 10.10.10.0 0.0.0.255 is redundant and not needed if the access list has the statement access-list 1 deny 10.10.0.0 0.0.255.255

HTH

Rick

New Member

Re: Basic ACL question

There is no need to create the other list..

see for yoursefl..the access-list says ..deny any ip in the range of 10.10.x.x --- x.x can be anything ..may it be in a different subnet mask .

hope this helped. Plz rate

2 REPLIES
Hall of Fame Super Gold

Re: Basic ACL question

Kevin

Yes the statement access-list 1 deny 10.10.10.0 0.0.0.255 is redundant and not needed if the access list has the statement access-list 1 deny 10.10.0.0 0.0.255.255

HTH

Rick

New Member

Re: Basic ACL question

There is no need to create the other list..

see for yoursefl..the access-list says ..deny any ip in the range of 10.10.x.x --- x.x can be anything ..may it be in a different subnet mask .

hope this helped. Plz rate

101
Views
0
Helpful
2
Replies
CreatePlease to create content