TOPIC: Access List for range of hosts

Access List for range of hosts 8 years 7 months ago #25145

  • jtartist
Just a hypothetical, if I wanted to set up an access list that
would only permit hosts .1 thru .10 access to the web, would this
be the correct way to do this without giving other hosts on the /24 network access?

access-list 101 permit tcp 192.168.1.0 0.0.0.4 any eq 80
access-list 101 permit tcp host 192.168.1.8 any eq 80
access-list 101 permit tcp host 192.168.1.9 any eq 80
access-list 101 permit tcp host 192.168.1.10 any eq 80


I was thinking if I were to set up something like this...

access-list 101 permit tcp 192.168.1.0 0.0.0.8 any eq 80

...that it would give users between 1 thru 15 access. I'm not
sure if I'm understanding this the right way though, so I'm hoping someone can clarify this for me if I'm incorrect.

Thanks,

JT

Re: Access List for range of hosts 8 years 7 months ago #25146

  • Smurf
Hi,

Remember for the inverse mask you subtract it from 255, so

To have the 8 hosts (0-7), you would have a subnet of;

255.255.255.248.

  255.255.255.255
- 255.255.255.248
-----------------
    0.  0.  0.  7

Therefore, for your example, you would in fact have;

access-list 101 permit tcp 192.168.1.0 0.0.0.7 any eq 80

then the others you identified.

Cheers
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx

Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.

Re: Access List for range of hosts 8 years 7 months ago #25157

  • emperorz
Yes, the above explanation seems fine:

In this type of scenario, first calculate the subnet mask, then subtract it from 255 to get the wildcard mask.
Then use one single ACL statement to cover a range of hosts. For specified hosts, the wildcard mask should be 0.0.0.0 (all bits to match).
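
The wildcard arithmetic discussed in this thread, as an added example that is not part of any of the posts above: it evaluates each access list from the thread against every address in 192.168.1.0/24 and lists which last octets are permitted. The function and variable names are assumptions made for the illustration; the entries are the ones quoted in the thread.

```python
import ipaddress

def to_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))

def wildcard_from_netmask(netmask: str) -> str:
    """Inverse mask: subtract each octet of the subnet mask from 255."""
    return str(ipaddress.IPv4Address(0xFFFFFFFF ^ to_int(netmask)))

def acl_matches(base: str, wildcard: str, addr: str) -> bool:
    """A 1 bit in the wildcard means 'ignore this bit'; a 0 bit must match."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)

def matched_last_octets(entries, prefix="192.168.1."):
    """Last octets in the /24 permitted by any (base, wildcard) entry."""
    return sorted(
        h for h in range(256)
        if any(acl_matches(b, w, f"{prefix}{h}") for b, w in entries)
    )

# "host x" in an ACL is the same as wildcard 0.0.0.0 (all bits must match).
HOSTS_8_TO_10 = [
    ("192.168.1.8", "0.0.0.0"),
    ("192.168.1.9", "0.0.0.0"),
    ("192.168.1.10", "0.0.0.0"),
]

# The three variants from the thread.
ORIGINAL = [("192.168.1.0", "0.0.0.4")] + HOSTS_8_TO_10   # first post
GUESS = [("192.168.1.0", "0.0.0.8")]                      # "1 thru 15" guess
CORRECTED = [("192.168.1.0", "0.0.0.7")] + HOSTS_8_TO_10  # reply's fix

if __name__ == "__main__":
    print("wildcard for 255.255.255.248:",
          wildcard_from_netmask("255.255.255.248"))
    for name, acl in [("original", ORIGINAL), ("guess", GUESS),
                      ("corrected", CORRECTED)]:
        print(f"{name:9s} permits last octets: {matched_last_octets(acl)}")
```

A wildcard of 0.0.0.4 or 0.0.0.8 frees a single bit, so each matches only two addresses rather than a range. The corrected list permits .0 through .10, which includes the network address 192.168.1.0 alongside hosts .1 to .10.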