Access-List question

Hi guys,

Could any one give me advice on the following:

I have a range of addresses 192.168.1.1 - 192.168.1. 254

Is there a way i can block a ip addresses from the middle of this range?

For instance 192.168.1.50 to 192.168.1.100 access blocked but the rest of the addresses allowed?

Thanks for any help it is appreciated.

Andrew

Reply to
tweety
Loading thread data ...

Of course, just use the appropriate wildcard mask(s).

For example, to block all the ip addresses from 192.168.1.32 to

192.168.1.63, you could do something like

access-list 1 deny 192.168.1.32 0.0.0.31

If the range you want to block is not covered exactly by a given mask, you have to use two or more statements. In your example, this would be

! block from 192.168.1.50 to 192.168.1.51 access-list 1 deny 192.168.1.50 0.0.0.1

! block from 192.168.1.52 to 192.168.1.55 access-list 1 deny 192.168.1.52 0.0.0.3

! block from 192.168.1.56 to 192.168.1.63 access-list 1 deny 192.168.1.56 0.0.0.7

! block from 192.168.1.64 to 192.168.1.95 access-list 1 deny 192.168.1.64 0.0.0.31

! block from 192.168.1.96 to 192.168.1.99 access-list 1 deny 192.168.1.96 0.0.0.3

! block 192.168.1.100 access-list 1 deny 192.168.1.100 0.0.0.0

Remember to add the "permit any" at the end if you want to allow access to all other addresses.

Reply to
pk

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.