how about:
access-list 111 deny ip 211.0.0.0
0.255.255.255 any log
access-list 111 deny ip 212.0.0.0 0.255.255.255 any log access-list 111 permit ip any any
This would still allow your 214.3.1.50 host to
have it's access. The two denies CAN be put togther into a
single statement using:
access-list 111 deny ip 207.0.0.0
7.255.255.255 any log
but as you can
see it is horribly inefficient as it will deny 207 to 215.... The 211/212
combination are in different subents for a 3.255.255.255.255
wildcard....
Comment: Looks like the 214.3.1.50 host is
your SNMP Server. Your existing ACL at first glance appears to be
isolating this Server... but then the bottom line hits and your still
allowing all access.... Your first 6 permit statements are
useless.....
HTH
Kevin L. Kultgen
MCSE+I, MCDBA, CCNA, CNX-A, A+, Network+, i-Net+/CIW IRIS Systems Inc, MCSP Calgary, Alberta
|
Title: Easier way to do Access-lists
- Easier way to do Access-lists Deloso, Elmer G.
- Re: Easier way to do Access-lists Kevin L. Kultgen
- Re: Easier way to do Access-lists Kevin L. Kultgen
- Re: Easier way to do Access-lists Derek CHUNG
- Re: Easier way to do Access-lists Dale Holmes
- How to use mzmaker Sharad
- Re: Easier way to do Access-lists Derek CHUNG
- Re: Easier way to do Access-lists Roger Dellaca