Solved

Cisco ACL Permit Range

Posted on 2006-10-24
Last Modified: 2008-01-09
Hi,

I want to permit all traffic to the following IP range: 10.20.16.10 - 10.20.16.13 - what entry would I add to an ACL?

I have tried permit ip 10.20.16.10 *.*.*.* any but am unsure how to calculate the *.*.*.*.

Mike
Question by:Barnardos_2LS
Expert Comment

by:lrmoore
ID: 17796572
permit ip 10.20.16.8 0.0.0.7 any

This will include hosts 10.20.16.9 - .14

You would have to exclude .9 and .14 explicitly:
deny ip host 10.20.16.9 any
deny ip host 10.20.16.14 any
permit ip 10.20.16.8 0.0.0.7 any

The mask is a wildcard mask instead of subnet mask.
Take the subnet mask that you would calculate to include the addresses that you want and subtract from 255.255.255.255.
Example:
10.20.16.8:   255.255.255.255
            - 255.255.255.248
            =   0.  0.  0.  7 = wildcard mask (or more accurately, an 'inverse' mask)



Author Comment

by:Barnardos_2LS
ID: 17796622
Is there any way around having to exclude .9 and .14 explicitly?

Accepted Solution

by:
lrmoore earned 500 total points
ID: 17796799
No. Masks only go so far. You have to break up into maskable "chunks".
The only mask that will include 10 - 13 is 255.255.255.248
10.20.16.8 / 30 only includes .9 and .10 with .11 as broadcast
10.20.16.12 / 30 only includes .13 and .14 with .15 as broadcast
The only way to get both 10 and 13 in the same mask is to go one bit back to .29
10.20.16.8 / 29 includes .9 through .14 with .15 as broadcast
With wildcard masks you can do even/odd numbers, but that still wouldn't give you the desired results to include 10, 11, 12 and 13.
Your other option is to explicitly include each of the 4 IPs and all others are blocked by the implicit deny all:
 permit ip host 10.20.16.10 any
 permit ip host 10.20.16.11 any
 permit ip host 10.20.16.12 any
 permit ip host 10.20.16.13 any
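
Added example, not part of the original answers: a Python sketch that breaks an inclusive address range into maskable chunks, renders each chunk as an ACL entry with its wildcard mask, and brute-force checks which addresses an entry actually matches. It generalizes the thread's case to any range; the function names and the 10.20.16.0/24 check scope are assumptions of this example.

```python
import ipaddress

def wildcard_matches(base, wildcard, addr):
    """Cisco ACL semantics: a 1 bit in the wildcard means 'ignore this bit'."""
    b, w, a = (int(ipaddress.IPv4Address(x)) for x in (base, wildcard, addr))
    return ((a ^ b) & ~w & 0xFFFFFFFF) == 0

def range_to_entries(first, last):
    """Split an inclusive address range into aligned (base, wildcard) chunks."""
    nets = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
    return [(str(n.network_address), str(n.hostmask)) for n in nets]

def acl_lines(entries):
    """Render entries in the 'permit ip <src> <wildcard> any' form used above."""
    return [f"permit ip host {b} any" if w == "0.0.0.0"
            else f"permit ip {b} {w} any" for b, w in entries]

def matched(entries, scope="10.20.16.0/24"):
    """Brute-force check: every address in scope that some entry matches."""
    return [str(a) for a in ipaddress.ip_network(scope)
            if any(wildcard_matches(b, w, str(a)) for b, w in entries)]

if __name__ == "__main__":
    entries = range_to_entries("10.20.16.10", "10.20.16.13")
    print("\n".join(acl_lines(entries)))
    print("matched by the split entries:", matched(entries))
    print("matched by 10.20.16.8 0.0.0.7:", matched([("10.20.16.8", "0.0.0.7")]))
```

Running the brute-force check against a candidate entry before applying it shows every address the entry would permit, which makes an over-broad mask visible on paper rather than in production.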