Home > Archive > alt.certification.cisco > December 2002 > Re: Is it possible to create an extended ip access-list that denys





You are viewing an archived Text-only version of the thread. To view this thread in it's original format and/or if you want to reply to this thread please [click here]

Author Re: Is it possible to create an extended ip access-list that denys
Doan

2002-12-29, 9:24 pm


On Mon, 30 Dec 2002, zarg wrote:

> Is it possible to create an extended ip access-list that denys half a
> subnet and permits the other half??
> i want to deny lower half of subnet range access to telnet services
> and permit upper-half access to same
>
Yes! Just match the first bit of your subnet to zero for the lower half
and to one for the upper half. For example, for the 10.0.0.0

ip access-list 101 deny 10.0.0.0 0.127.255.255 any eq 23
ip access-list 101 permit 10.128.0.0 0.127.255.255 any eq 23

for the 172.16.0.0

ip access-list 102 deny 172.16..0 0.0.127.255 any eq 23
ip access-list 102 permit 172.16.128.0 0.0.127.255 any eq 23


Doan

Sponsored Links





Free Braindumps | MCSE braindumps software forum

Copyright 2003 - 2008 examnotes.net