Help Semester 2 CCNA
| cygnet21 2003-12-15, 2:18 pm |
| Have a question, please can anyone help?
I need to use an ACL to prevent a group of users accessing half of the IP range 209.0.0.0/24.
Can it be done in a single command? | |
| Demijohn 2003-12-15, 6:10 pm |
| If you can characterize the sources and destination addresses of interest in a single statement, you'll still need at least 1 permit and 1 deny statement in your ACL, and you'll need one or 2 commands for every interface you want to apply the ACL to.
Ex:
access-list 101 deny ip 192.168.100.0 0.0.0.255 209.0.0.0 0.0.0.127
access-list 101 permit (something)
will block users on the 192.160.100.0/24 network from getting in to access the lower half of the 209.0.0.0/24 network. If the users' and destination addresses aren't easily characterized it may take more statements. | |
| cygnet21 2003-12-15, 6:18 pm |
| thanks for the help | |
| ne0-reloaded 2003-12-16, 7:32 pm |
| quote: Originally posted by Demijohn
If you can characterize the sources and destination addresses of interest in a single statement, you'll still need at least 1 permit and 1 deny statement in your ACL, and you'll need one or 2 commands for every interface you want to apply the ACL to.
Ex:
access-list 101 deny ip 192.168.100.0 0.0.0.255 209.0.0.0 0.0.0.127
access-list 101 permit (something)
will block users on the 192.160.100.0/24 network from getting in to access the lower half of the 209.0.0.0/24 network. If the users' and destination addresses aren't easily characterized it may take more statements.

What does the 127 in 0.0.0.127 mean? I know 255 means any, and 0 means the exact number, but never saw 127 mentioned anywhere.
thanks | |
| Yankee 2003-12-16, 8:17 pm |
| Take 255 meaning all as you say and minus 128 which would be half of that class C and you get 127 as the wild card mask.
Yankee | |
| Demijohn 2003-12-17, 9:11 am |
| quote: never saw 127 mentioned anywhere.
I recommend that you go read up on the 'reverse' masks used in defining ACLs. |
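The wildcard ("reverse") mask matching discussed in the thread, as an added example that is not part of any post: a 1 bit in the mask means "ignore this bit", a 0 bit means "must match", entries are checked top-down, and anything unmatched hits the implicit deny. The ACL below is constructed from the thread's addresses; treating the source as 192.168.100.0/24 and the permit line as `permit ip any any` are assumptions.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """IOS-style match: wildcard bits set to 1 are ignored, 0 bits must equal base."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF          # bits that must match exactly
    return (a & care) == (b & care)

def prefix_to_wildcard(prefix_len):
    """Wildcard mask for a prefix length: the bitwise inverse of the subnet mask."""
    netmask = (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF
    return str(ipaddress.IPv4Address(~netmask & 0xFFFFFFFF))

# Constructed ACL modelled on the thread's example (action, src, src-wild, dst, dst-wild).
# Assumption: the "(something)" permit line is taken to be "permit ip any any".
ACL_101 = [
    ("deny",   "192.168.100.0", "0.0.0.255",       "209.0.0.0", "0.0.0.127"),
    ("permit", "0.0.0.0",       "255.255.255.255", "0.0.0.0",   "255.255.255.255"),
]

def evaluate(acl, src, dst):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, s_base, s_wild, d_base, d_wild in acl:
        if wildcard_match(src, s_base, s_wild) and wildcard_match(dst, d_base, d_wild):
            return action
    return "deny"

if __name__ == "__main__":
    print("/25 wildcard:", prefix_to_wildcard(25))
    # Constructed sample flows: lower half, upper half, and a different source network.
    for src, dst in [("192.168.100.10", "209.0.0.127"),
                     ("192.168.100.10", "209.0.0.128"),
                     ("10.1.1.1",       "209.0.0.5")]:
        print(f"{src} -> {dst}: {evaluate(ACL_101, src, dst)}")
```

Dropping the permit entry shows why at least one permit statement is needed: every packet that misses the deny line is still dropped by the implicit deny.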