Link to home
Start Free TrialLog in
Avatar of Barnardos_2LS
Barnardos_2LS

asked on

Cisco ACL Permit Range

Hi,

I want to permit all traffic to the following IP range: 10.20.16.10 - 10.20.16.13 - what entry would i add to an acl?

I have tried permit ip 10.20.16.10 *.*.*.* any but am unsure how to calculate the *.*.*.*.

Mike
Avatar of Les Moore
Les Moore
Flag of United States of America image

permit ip 10.20.16.8 0.0.0.7 any

This will include hosts 10.20.16.9 - .14

You would have to exclude .9 and .14 explicitly:
deny ip host 10.20.16.9 any
deny ip host 10.20.16.14 any
permit ip 10.20.16.8 0.0.0.7 any

The mask is a wildcard mask instead of subnet mask.
Take the subnet mask that you would calculate to include the addresses that you want and subtract from 255.255.255.255
Example:
                   255.255.255.255
10.20.16.8  - 255.255.255.248
                       0 .   0.   0.   7 = wildcard mask ( or more accurately, and 'inverse' mask)


Avatar of Barnardos_2LS
Barnardos_2LS

ASKER

Is their any way around having to exclude .9 and .14 explicitly?
ASKER CERTIFIED SOLUTION
Avatar of Les Moore
Les Moore
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial