You might try the below: access-list 10 deny 192.100.34.96 0.0.0.3 access-list 10 deny 192.100.34.151 0.0.0.0 access-list 10 deny 192.100.34.152 0.0.0.7 access-list 10 permit 192.100.34.96 0.0.0.31 access-list 10 permit 192.100.34.128 0.0.0.31
The 1st three lines block the unwanted portions of the ranges allowed by the last 2 lines. Don't forget the implied deny all after the last line that blocks all other addresses. Some folks like to put an explicit "deny any" as the last line. Can be applied inbound on the external interface(s) or outbound on the internal interface(s). Happy 4th of July! :) HTH, Prof. Tom Lisa, CCAI Community College of Southern Nevada Cisco ATC/Regional Networking Academy "Cunctando restituit rem" "Hyman, Craig" wrote: ALL- I know you have answered this question before, but I hope somewhere in your 4th of July heart you can help me. I have a 1600 router running a 12021 IP PLUS --- I have tried to add access-lists to block all sites incoming except 192.100.34.100-150. Can someone help with the correct lists. Thanks in advance SRS Level 2 SRS Implementation Team Cell phone# 720-840-4887 SUN PH# 303-272-2661 Virtual Office# 303-604-0037 [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=71704&t=71684 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
