Hot Downloads

×

Notice

The forum is in read only mode.
Welcome, Guest
Username: Password: Remember me
  • Page:
  • 1

TOPIC: Acess List for range of hosts

Acess List for range of hosts 10 years 8 months ago #25145

Just a hypothetical, if I wanted to setup an access list that
would only permit hosts .1 thru .10 access to the web, would this
be the correct way to do this without giving other hosts on the /24 network access?

access-list 101 permit tcp 192.168.1.0 0.0.0.4 any eq 80
access-list 101 permit tcp host 192.168.1.8 any eq 80
access-list 101 permit tcp host 192.168.1.9 any eq 80
access-list 101 permit tcp host 192.168.1.10 any eq 80


I was thinking if I were to setup something like this...

access-list 101 permit tcp 192.168.1.0 0.0.0.8 any eq 80

...that it would give users between 1 thru 15 access. I'm not
sure if I'm understandig this the right way though, so I'm hoping someone can clarify this for me if I'm incorrect.

Thanks,

JT

Re: Acess List for range of hosts 10 years 8 months ago #25146

  • Smurf
  • Smurf's Avatar
  • Offline
  • Moderator
  • Moderator
  • Posts: 1390
  • Karma: 1
  • Thank you received: 0
Hi,

Remember for the inverse mask youi subtract it from 255, so

To have the 8 hosts (0-7), you would have a subnet of;

255.255.255.248.

255.255.255.255
- 255.255.255.248
0 . 0 . 0 . 7

Therefore, for you example, you would in fact have;

access-list 101 permit tcp 192.168.1.0 0.0.0.7 any eq 80

then the others you identified.

Cheers
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx

Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.

Re: Acess List for range of hosts 10 years 8 months ago #25157

yes, the above explanation seems fine :

In this type of scenario, first calculate the subnet mask, subtract it from from 255 to get the wild card mask.
then use one single acl statement to cover a range of hosts.If for specified hosts, the wildcard mask should be 0.0.0.0 ( all bits to match)
  • Page:
  • 1
Time to create page: 0.160 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup