Solved

Cisco ACL Permit Range

Posted on 2006-10-24
3
1,329 Views
Last Modified: 2008-01-09
Hi,

I want to permit all traffic to the following IP range: 10.20.16.10 - 10.20.16.13 - what entry would i add to an acl?

I have tried permit ip 10.20.16.10 *.*.*.* any but am unsure how to calculate the *.*.*.*.

Mike
0
Comment
Question by:Barnardos_2LS
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 17796572
permit ip 10.20.16.8 0.0.0.7 any

This will include hosts 10.20.16.9 - .14

You would have to exclude .9 and .14 explicitly:
deny ip host 10.20.16.9 any
deny ip host 10.20.16.14 any
permit ip 10.20.16.8 0.0.0.7 any

The mask is a wildcard mask instead of subnet mask.
Take the subnet mask that you would calculate to include the addresses that you want and subtract from 255.255.255.255
Example:
                   255.255.255.255
10.20.16.8  - 255.255.255.248
                       0 .   0.   0.   7 = wildcard mask ( or more accurately, and 'inverse' mask)


0
 
LVL 1

Author Comment

by:Barnardos_2LS
ID: 17796622
Is their any way around having to exclude .9 and .14 explicitly?
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 125 total points
ID: 17796799
No. Masks only go so far. You have to break up into maskable "chunks"
The only mask that will include 10 - 13 is 255.255.255.248
10.20.16.8 / 30 only includes .9 and .10 with .11 as broadcast
10.20.16.12 / 30 only includes .13 and .14 with .15 as broadcast
The only way to get both 10 and 13 in the same mask is to go one bit back to .29
10.20.16.8 / 29 includes .9 through .14 with .15 as broadcast
With wildcard masks you can do even/odd numbers, but that still wouldn't give you the desired results to include 10, 11, 12 and 13
Your other option is to explicitly include each of the 4 IP's and all others are blocked by the implicit deny all
 permit ip host 10.20.16.10 any
 permit ip host 10.20.16.11 any
 permit ip host 10.20.16.12 any
 permit ip host 10.20.16.13 any
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

While it is possible to put two routes in place with the secondary having a higher metric, this may not always work. In the event of a failure that does not bring down the physical interface on the router the primary route is not removed. There is a…
I have seen some questions on problems with SSH/telnet access to Cisco routers that may occur despite the fact that from a PC connected to your LAN, Internet connectivity is in place and users can access Internet sites without any issues.  There are…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question