Access-List question

Have a question or want to start a discussion? Post it! No Registration Necessary.  Now with pictures!

Threaded View
Hi guys,

Could any one give me advice on the following:

I have a range of addresses 192.168.1.1 - 192.168.1. 254

Is there a way i can block a ip addresses from the middle of this
range?

For instance 192.168.1.50 to 192.168.1.100 access blocked but the rest
of the addresses allowed?

Thanks for any help it is appreciated.

Andrew


Re: Access-List question
tweety wrote:

Quoted text here. Click to load it

Of course, just use the appropriate wildcard mask(s).

For example, to block all the ip addresses from 192.168.1.32 to
192.168.1.63, you could do something like

access-list  1  deny  192.168.1.32  0.0.0.31

If the range you want to block is not covered exactly by a given mask, you
have to use two or more statements. In your example, this would be

! block from 192.168.1.50 to 192.168.1.51
access-list  1 deny  192.168.1.50  0.0.0.1

! block from 192.168.1.52 to 192.168.1.55
access-list  1  deny  192.168.1.52  0.0.0.3

! block from 192.168.1.56 to 192.168.1.63
access-list  1  deny  192.168.1.56  0.0.0.7

! block from 192.168.1.64 to 192.168.1.95
access-list  1  deny  192.168.1.64  0.0.0.31

! block from 192.168.1.96 to 192.168.1.99
access-list  1  deny  192.168.1.96  0.0.0.3

! block 192.168.1.100
access-list  1  deny  192.168.1.100  0.0.0.0

Remember to add the "permit any" at the end if you want to allow access to
all other addresses.


Site Timeline