Access list

Discussion in 'Cisco' started by david, Jan 22, 2004.

  1. david

    david Guest

    Please help me. I am trying to build an access list to permit only
    traffic from .180 to .240 hosts
    My network address is 192.168.1.0 255.255.255.0

    I have come up with only hosts from 192 and above
    access-list 1 permit 192.168.1.192 0.0.0.63

    Any suggestion on how I would include the 180 and exclude the 240 and
    above

    thanks
    david, Jan 22, 2004
    #1

  2. david

    Bryan Martin Guest

    access-list 101 permit tcp any host 192.168.1.180 0.0.0.15

    This should allow 177 - 190 then you can deny 177 - 179 if you must

    Bryan Martin

    "david" <> wrote in message
    news:...
    > Please help me. I am trying to build an access list to permit only
    > traffic from .180 to .240 hosts
    > My network address is 192.168.1.0 255.255.255.0
    >
    > I have come up with only hosts from 192 and above
    > access-list 1 permit 192.168.1.192 0.0.0.63
    >
    > Any suggestion on how I would include the 180 and exclude the 240 and
    > above
    >
    > thanks
    Bryan Martin, Jan 22, 2004
    #2

  3. In article <>,
    david <> wrote:
    :Please help me. I am trying to build an access list to permit only
    :traffic from .180 to .240 hosts

    :I have come up with only hosts from 192 and above
    :access-list 1 permit 192.168.1.192 0.0.0.63

    :Any suggestion on how I would include the 180 and exclude the 240 and
    :above

    access-list 1 permit 192.168.1.180 0.0.0.3
    access-list 1 permit 192.168.1.184 0.0.0.7
    access-list 1 permit 192.168.1.192 0.0.0.31
    access-list 1 permit 192.168.1.224 0.0.0.15
    --
    This signature intentionally left... Oh, darn!
    Walter Roberson, Jan 22, 2004
    #3
  4. In article <zYGPb.260$>,
    Bryan Martin <> wrote:
    :access-list 101 permit tcp any host 192.168.1.180 0.0.0.15

    :This should allow 177 - 190 then you can deny 177 - 179 if you must

    Surely that wouldn't be allowed -- it would complain that 180 didn't
    match the .15 bitmask.
    --
    Most Windows users will run any old attachment you send them, so if
    you want to implicate someone you can just send them a Trojan
    -- Adam Langley
    Walter Roberson, Jan 22, 2004
    #4
  5. david

    Hansang Bae Guest

    > In article <zYGPb.260$>,
    > Bryan Martin <> wrote:
    > :access-list 101 permit tcp any host 192.168.1.180 0.0.0.15
    > :This should allow 177 - 190 then you can deny 177 - 179 if you must


    would allow 176-191...


    In article <buneqb$4h3$>, -
    cnrc.gc.ca says...
    > Surely that wouldn't be allowed -- it would complain that 180 didn't
    > match the .15 bitmask.



    I don't see why not. It's just a bit mask pattern - no subnet
    restrictions or anything like that.


    --

    hsb

    "Somehow I imagined this experience would be more rewarding" Calvin
    *************** USE ROT13 TO SEE MY EMAIL ADDRESS ****************
    ********************************************************************
    Due to the volume of email that I receive, I may not be able to
    reply to emails sent to my account. Please post a followup instead.
    ********************************************************************
    Hansang Bae, Jan 23, 2004
    #5
  6. In article <>,
    Hansang Bae <> wrote:

    > > In article <zYGPb.260$>,
    > > Bryan Martin <> wrote:
    > > :access-list 101 permit tcp any host 192.168.1.180 0.0.0.15
    > > :This should allow 177 - 190 then you can deny 177 - 179 if you must

    >
    > would allow 176-191...
    >
    >
    > In article <buneqb$4h3$>, -
    > cnrc.gc.ca says...
    > > Surely that wouldn't be allowed -- it would complain that 180 didn't
    > > match the .15 bitmask.

    >
    >
    > I don't see why not. It's just a bit mask pattern - no subnet
    > restrictions or anything like that.


    Although it would be nice if the ACL parser warned when you're masking
    off non-zero bits. It's almost never intentional. And in the case
    where you mistakenly enter a subnet mask in place of a wildcard mask, it
    has the exact opposite results than were intended. E.g. if you do:

    access-list 1 deny 10.0.0.0 255.0.0.0

    it's equivalent to:

    access-list 1 deny 0.0.0.0 255.0.0.0

    which only blocks addresses 0.x.x.x.

    --
    Barry Margolin,
    Arlington, MA
    *** PLEASE post questions in newsgroups, not directly to me ***
    Barry Margolin, Jan 23, 2004
    #6
  7. david

    homer

    Joined:
    Jun 22, 2007
    Messages:
    1
    access-list 1 permit 192.168.1.184 0.0.0.7

    would only permit .180 - .187 what about 188-191?

    homer, Jun 22, 2007
    #7
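
Added example (not part of any post in this thread): a small Python check of Cisco wildcard-mask semantics, run over the ACL entries quoted in the posts above. The function names and the default `192.168.1.` prefix are choices made for this example; it lists which hosts an entry matches and flags a base address that has bits set under the wildcard, the parser warning wished for in post #6.

```python
import ipaddress

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def acl_matches(base, wildcard, addr):
    """Wildcard match: a 1 bit in the wildcard means 'don't care'."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)

def effective_base(base, wildcard):
    """Base address once the don't-care bits are zeroed."""
    return str(ipaddress.IPv4Address(to_int(base) & ~to_int(wildcard) & 0xFFFFFFFF))

def masks_nonzero_bits(base, wildcard):
    """Lint check: the base has bits set that the wildcard ignores."""
    return (to_int(base) & to_int(wildcard)) != 0

def matched_hosts(entries, prefix="192.168.1."):
    """Last octets in prefix.0-255 matched by any (base, wildcard) permit entry."""
    return [h for h in range(256)
            if any(acl_matches(b, w, f"{prefix}{h}") for b, w in entries)]

# The four-entry list from post #3, copied from the thread.
FOUR_ENTRY_ACL = [
    ("192.168.1.180", "0.0.0.3"),
    ("192.168.1.184", "0.0.0.7"),
    ("192.168.1.192", "0.0.0.31"),
    ("192.168.1.224", "0.0.0.15"),
]

if __name__ == "__main__":
    for base, wc in FOUR_ENTRY_ACL + [("192.168.1.180", "0.0.0.15")]:
        hosts = matched_hosts([(base, wc)])
        flag = "  <- base has bits under the wildcard" if masks_nonzero_bits(base, wc) else ""
        print(f"{base} {wc}: .{hosts[0]}-.{hosts[-1]}{flag}")

    union = matched_hosts(FOUR_ENTRY_ACL)
    print(f"four-entry list permits .{union[0]}-.{union[-1]} ({len(union)} hosts)")

    # Subnet mask typed where a wildcard mask belongs (post #6):
    # the first octet becomes don't-care and the other three must equal 0.
    print("10.0.0.0 255.0.0.0 is stored as", effective_base("10.0.0.0", "255.0.0.0"))
    print("matches 10.1.2.3?", acl_matches("10.0.0.0", "255.0.0.0", "10.1.2.3"))
```
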