Hot Downloads

Welcome, Guest
Username: Password: Remember me

TOPIC: configure the Access-list

configure the Access-list 7 years 5 months ago #30888

  • lav_plsb1
  • lav_plsb1's Avatar
  • Offline
  • Frequent Member
  • Posts: 34
  • Karma: 0
Hi,

Router with 4 lan connections and wan connection to the internet
4 LANs (e0,e1,e2,e3) - each of Lans connected to single host's ip address
e0- 172.16.144.17/19
e1-172.16.50.173/20
e2-172.16.198.94/18
e4-172.16.92.10/21

Below is the accesslist that will stop acess from each of the four lan i.e equal to shutdown to the internet
router(config)#access-list 1 deny 172.16.128.0 0.0.31.255
router(config)#access-list 1 deny 172.16.48.0 0.0.15.255
router(config)#access-list 1 deny 172.16.192.0 0.0.63.255
router(config)#access-list 1 deny 172.16.88.0 0.0.7.255
router(config)#access-list 1 permit any
router(config)#interface serial 0
router(config)#ip access-group 1 out

could you plz explain the address range and how it calculates the number of host's to deny..

thnxs,
The administrator has disabled public write access.

Re: configure the Access-list 7 years 4 months ago #30914

  • Losh
  • Losh's Avatar
  • Offline
  • Distinguished Member
  • Posts: 103
  • Karma: 0
When adding an access-list permit or deny statement you have to specify a host or range of hosts just like you've done.

Lets take an example of the first deny statement:

router(config)#access-list 1 deny 172.16.128.0 0.0.31.255

The last portion 0.0.31.255 is called a wildcard mask. Its the inverse of the subnet mask 255.255.224.0.

Its simply calculated by subtracting 255.255.224.2 from 255.255.255.255.

Therefore the range of hosts specified by this mask is:
172.16.128.1 to 172.16.159.254

This is because there are 19 network bits and 13 host bits which give you a total of 8190 usable hosts.[/b]
~ Networking :- Just when u think its starting to make sense......... ~
____________________________________________
CCNA, CCNP, CCNA Security, JNCIA, APDS, CISA
The administrator has disabled public write access.

Re: configure the Access-list 7 years 4 months ago #30916

  • lav_plsb1
  • lav_plsb1's Avatar
  • Offline
  • Frequent Member
  • Posts: 34
  • Karma: 0
thnks for your reply
The administrator has disabled public write access.
Time to create page: 0.073 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup