Cisco host permit and deny a range of addresses
Posted on 2009-05-06
I am using a Cisco router. I want to restrict the use of SSH to only an internal 172.16.x.x set of addresses and block any other address from using port 22.
I am using the following and including the subnet mask to indicate that I want to use the entire Class B range.
First, do I need to include the subnet mask?
Second, if so, what is the proper format?
access-list 123 permit tcp any host 172.16.0.0 255.255.0.0 eq 22
access-list 123 deny tcp any any eq 22
access-list 123 permit ip any any
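
Added example, not part of the original post: Cisco extended ACL entries list the source before the destination and match a range with a wildcard mask (the bitwise inverse of the subnet mask), while `host` matches one address and takes no mask. The Python sketch below derives the wildcard for 255.255.0.0, renders the three entries with 172.16.0.0 as the source range, and checks sample packets with first-match evaluation. Assumptions: the 172.16.x.x hosts are the SSH clients, and the helper names and sample addresses are constructed for illustration.

```python
import ipaddress

def wildcard(netmask):
    """Cisco wildcard mask: the bitwise inverse of a subnet mask."""
    return str(ipaddress.IPv4Address(int(ipaddress.IPv4Address(netmask)) ^ 0xFFFFFFFF))

def matches(addr, base, wc):
    """True when addr equals base on every bit the wildcard sets to 0."""
    care = ~int(ipaddress.IPv4Address(wc)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (int(ipaddress.IPv4Address(base)) & care)

ANY = ("0.0.0.0", "255.255.255.255")  # "any": every bit is a don't-care

# Entries: (action, protocol, (source base, source wildcard), dest port or None).
# Destination is "any" throughout. Assumption: 172.16.x.x hosts are the SSH clients.
ACL = [
    ("permit", "tcp", ("172.16.0.0", wildcard("255.255.0.0")), 22),
    ("deny", "tcp", ANY, 22),
    ("permit", "ip", ANY, None),
]

def render(acl, number=123):
    """Render entries in IOS order: action, protocol, source, destination, port."""
    lines = []
    for action, proto, src, port in acl:
        src_text = "any" if src == ANY else f"{src[0]} {src[1]}"
        port_text = f" eq {port}" if port is not None else ""
        lines.append(f"access-list {number} {action} {proto} {src_text} any{port_text}")
    return lines

def evaluate(acl, proto, src_ip, dport):
    """First matching entry decides; an ACL ends with an implicit deny."""
    for action, rule_proto, (base, wc), port in acl:
        if rule_proto not in ("ip", proto):
            continue
        if port is not None and port != dport:
            continue
        if matches(src_ip, base, wc):
            return action
    return "deny"

if __name__ == "__main__":
    print("\n".join(render(ACL)))
    # Constructed sample packets: (protocol, source address, destination port)
    for pkt in [("tcp", "172.16.44.7", 22), ("tcp", "172.17.0.5", 22), ("tcp", "203.0.113.9", 443)]:
        print(pkt, "->", evaluate(ACL, *pkt))
```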