I am running a Catalyst 6509. I have a class C address split into 2 subnets with gateways of, let's say, 192.168.43.1 and 192.168.43.129.
The upper range of addresses is to be exempt from the ACL, so I need a permit statement at the top of my ACL that permits any address greater than 43.128 but forces the lower addresses down through the ACL.
I've tried something like this:
ip access-list extended testme
 permit ip any any 192.168.43.129 0.0.0.128
 --insert other ACL's here--
 permit ip any any 192.168.43.0 0.0.0.128
but it doesn't seem to be working. 43.220 is still logging a deny on tcp port 445, 135, 137, 111......
When I do a sho run | begin testme, I get this as the first line of the ACL:
permit ip any any 192.168.43.1 0.0.0.128
It changes 43.129 to 43.1
What am I missing? These wildcard bits are chewing my brain, man! I gotta get this working like this because the upper addresses are part of a global network and need the ports I am blocking to be accessible for their address range.
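An added illustration, not part of the original post: a small Python model of how an address/wildcard pair is evaluated, assuming standard IOS wildcard semantics (a 1 bit in the wildcard means "ignore this bit"). The function names are illustrative only. It reproduces the 43.129 to 43.1 rewrite described above and lists which hosts in 192.168.43.0/24 each pair actually covers.

```python
import ipaddress

def to_int(dotted):
    """Dotted-quad string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))

def normalize(address, wildcard):
    """Clear every bit the wildcard marks as don't-care.

    This models the form the entry takes in the running config.
    """
    base = to_int(address) & ~to_int(wildcard) & 0xFFFFFFFF
    return str(ipaddress.IPv4Address(base))

def matches(host, address, wildcard):
    """True if host equals address on every bit the wildcard cares about."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(host) & care) == (to_int(address) & care)

def matched_hosts(address, wildcard, prefix="192.168.43."):
    """Last octets within the /24 that the address/wildcard pair matches."""
    return [h for h in range(256)
            if matches(f"{prefix}{h}", address, wildcard)]

if __name__ == "__main__":
    # Pair from the post: only bit 7 of the last octet is ignored,
    # so the low seven bits must still equal 0000001.
    print(normalize("192.168.43.129", "0.0.0.128"))
    print(matched_hosts("192.168.43.129", "0.0.0.128"))
    print(matches("192.168.43.220", "192.168.43.129", "0.0.0.128"))

    # Pair that ignores the low seven bits and pins bit 7 to 1,
    # which covers the whole upper half of the /24.
    upper = matched_hosts("192.168.43.128", "0.0.0.127")
    print(upper[0], upper[-1], len(upper))
```

A wildcard of 0.0.0.128 ignores a single bit, so the entry covers exactly two hosts; covering 128 through 255 requires ignoring the low seven bits (0.0.0.127) with the base address 192.168.43.128.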