Acess List for range of hosts

Just a hypothetical, if I wanted to setup an access list that
would only permit hosts .1 thru .10 access to the web, would this
be the correct way to do this without giving other hosts on the /24 network access?

access-list 101 permit tcp 192.168.1.0 0.0.0.4 any eq 80
access-list 101 permit tcp host 192.168.1.8 any eq 80
access-list 101 permit tcp host 192.168.1.9 any eq 80
access-list 101 permit tcp host 192.168.1.10 any eq 80


I was thinking if I were to setup something like this...

access-list 101 permit tcp 192.168.1.0 0.0.0.8 any eq 80

...that it would give users between 1 thru 15 access. I'm not
sure if I'm understandig this the right way though, so I'm hoping someone can clarify this for me if I'm incorrect.

Thanks,

JT

Hi,

Remember for the inverse mask youi subtract it from 255, so

To have the 8 hosts (0-7), you would have a subnet of;

255.255.255.248.

255.255.255.255
- 255.255.255.248
0 . 0 . 0 . 7

Therefore, for you example, you would in fact have;

access-list 101 permit tcp 192.168.1.0 0.0.0.7 any eq 80

then the others you identified.

Cheers

yes, the above explanation seems fine :

In this type of scenario, first calculate the subnet mask, subtract it from from 255 to get the wild card mask.
then use one single acl statement to cover a range of hosts.If for specified hosts, the wildcard mask should be 0.0.0.0 ( all bits to match)