[Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Cisco ACL Permit Range

Posted on 2006-10-24
3
Medium Priority
?
1,337 Views
Last Modified: 2008-01-09
Hi,

I want to permit all traffic to the following IP range: 10.20.16.10 - 10.20.16.13 - what entry would i add to an acl?

I have tried permit ip 10.20.16.10 *.*.*.* any but am unsure how to calculate the *.*.*.*.

Mike
0
Comment
Question by:Barnardos_2LS
  • 2
3 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 17796572
permit ip 10.20.16.8 0.0.0.7 any

This will include hosts 10.20.16.9 - .14

You would have to exclude .9 and .14 explicitly:
deny ip host 10.20.16.9 any
deny ip host 10.20.16.14 any
permit ip 10.20.16.8 0.0.0.7 any

The mask is a wildcard mask instead of subnet mask.
Take the subnet mask that you would calculate to include the addresses that you want and subtract from 255.255.255.255
Example:
                   255.255.255.255
10.20.16.8  - 255.255.255.248
                       0 .   0.   0.   7 = wildcard mask ( or more accurately, and 'inverse' mask)


0
 
LVL 1

Author Comment

by:Barnardos_2LS
ID: 17796622
Is their any way around having to exclude .9 and .14 explicitly?
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 500 total points
ID: 17796799
No. Masks only go so far. You have to break up into maskable "chunks"
The only mask that will include 10 - 13 is 255.255.255.248
10.20.16.8 / 30 only includes .9 and .10 with .11 as broadcast
10.20.16.12 / 30 only includes .13 and .14 with .15 as broadcast
The only way to get both 10 and 13 in the same mask is to go one bit back to .29
10.20.16.8 / 29 includes .9 through .14 with .15 as broadcast
With wildcard masks you can do even/odd numbers, but that still wouldn't give you the desired results to include 10, 11, 12 and 13
Your other option is to explicitly include each of the 4 IP's and all others are blocked by the implicit deny all
 permit ip host 10.20.16.10 any
 permit ip host 10.20.16.11 any
 permit ip host 10.20.16.12 any
 permit ip host 10.20.16.13 any
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is a guide to configure bridging on Cisco Routers.  This is something I never knew was possible until after making a few phone calls to Cisco.  Using bridging saved our company money by not requiring us to purchase a new switch.  Bridgi…
Hello , This is a short article on how would you go about enabling traceoptions on a Juniper router . Traceoptions are similar to Cisco debug commands but these traceoptions are implemented in Juniper networks router . The following demonstr…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question