Just a hypothetical, if I wanted to set up an access list that
would only permit hosts .1 thru .10 access to the web, would this
be the correct way to do this without giving other hosts on the /24 network access?
access-list 101 permit tcp 192.168.1.0 0.0.0.4 any eq 80
access-list 101 permit tcp host 192.168.1.8 any eq 80
access-list 101 permit tcp host 192.168.1.9 any eq 80
access-list 101 permit tcp host 192.168.1.10 any eq 80
I was thinking if I were to set up something like this...
access-list 101 permit tcp 192.168.1.0 0.0.0.8 any eq 80
...that it would give users between 1 thru 15 access. I'm not
sure if I'm understanding this the right way though, so I'm hoping someone can clarify this for me if I'm incorrect.
Re: Access List for range of hosts
10 years 8 months ago #25146
In this type of scenario, first calculate the subnet mask, then subtract it from 255 to get the wildcard mask.
Then use one single ACL statement to cover a range of hosts. For specified hosts, the wildcard mask should be 0.0.0.0 (all bits to match).
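
Added example, not part of the original posts: a Python check of which addresses an address/wildcard pair actually matches (0 bit = must match, 1 bit = don't care), plus the aligned blocks needed to cover exactly .1 thru .10 using the mask-subtraction rule from the reply. The function names and the choice of ACL 101 / port 80 defaults are assumptions taken from the question's lines.

```python
import ipaddress

def wildcard_matches(base, wildcard):
    """Addresses matched by an IOS 'address wildcard' pair.

    Wildcard bit 0 = must equal the base address, 1 = don't care.
    Intended for small wildcards; it enumerates every match.
    """
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wildcard))
    fixed = b & ~w & 0xFFFFFFFF          # bits that must match
    matches, sub = [], w
    while True:                          # walk every subset of the don't-care bits
        matches.append(fixed | sub)
        if sub == 0:
            break
        sub = (sub - 1) & w
    return [str(ipaddress.IPv4Address(a)) for a in sorted(matches)]

def acl_for_range(first, last, acl=101, port=80):
    """Permit lines covering exactly first..last with aligned blocks.

    Each block's wildcard is its subnet mask subtracted from
    255.255.255.255 (ipaddress calls this the hostmask).
    """
    blocks = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
    lines = []
    for net in blocks:
        if net.prefixlen == 32:
            src = f"host {net.network_address}"
        else:
            src = f"{net.network_address} {net.hostmask}"
        lines.append(f"access-list {acl} permit tcp {src} any eq {port}")
    return lines

if __name__ == "__main__":
    # The two wildcards from the question, then a .1-.10 covering set.
    print(wildcard_matches("192.168.1.0", "0.0.0.4"))
    print(wildcard_matches("192.168.1.0", "0.0.0.8"))
    print("\n".join(acl_for_range("192.168.1.1", "192.168.1.10")))
```

Because a wildcard is a bit mask and not a count, 0.0.0.4 and 0.0.0.8 each match only two addresses; a contiguous range that is not aligned to a power-of-two boundary needs several entries.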