Use this -
access-list 103 deny ip 100.16.0.0 0.1.255.255 any

An easy way to look at it is that if your address ranges are consecutive 
then the .16 above is the starting address and .1 is the number of networks. 
So it blocks 16-17.

Or look at bits -

.16 = 00010000
.17 = 00010001

in the mask 0 = must match, 1 = don't care, so use
      00000001

The .238 mask you put below would look like this -
      11101110

So it would allow the following networks
      00010000
      00010010
      00010100
      00010110
      00011000
      00011010
      00011100
      00011110
      00110000
      00110010
      00110100
      00110110
      00111000
      00111010
      00111100
      00111110 .... and so on.

The only rule would be that the 5th bit had to be a 1 and the 1st bit had to 
be a 0 (right to left).

Hope that helps.

Mike



>
>I need to deny 2 consecutive network ranges.  I'd like to combine these
>into one statement.  Here's my example, am I correct?
>
>Example IPs:  100.16.0.0 and 100.17.0.0
>
>I want to block on the .16 & .17 space:
>
>access-list 103 deny ip 100.16.0.0 0.238.255.255 any
>
>
>Thanks,
>
>
>Rob Montgomery
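
The bit rule from the reply above (0 = must match, 1 = don't care), as an added example that is not part of the original thread: it lists which second-octet values each of the two wildcard masks matches and checks whether a consecutive range fits in a single entry. The function names are hypothetical, and the 100.17-100.18 range is a constructed counter-case.

```python
import ipaddress

def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def acl_matches(base, wildcard, addr):
    """Cisco wildcard test: mask bit 0 = must match the base, 1 = don't care."""
    care = ~_to_int(wildcard) & 0xFFFFFFFF
    return (_to_int(addr) & care) == (_to_int(base) & care)

def matched_second_octets(base, wildcard):
    """Values X for which the entry matches <first octet>.X.0.0."""
    first = base.split(".")[0]
    return [x for x in range(256)
            if acl_matches(base, wildcard, "%s.%d.0.0" % (first, x))]

def wildcard_for_range(first_addr, last_addr):
    """Return (base, wildcard) when first..last is one aligned block that a
    single entry can cover exactly; return None when it needs several."""
    nets = list(ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first_addr), ipaddress.IPv4Address(last_addr)))
    if len(nets) != 1:
        return None
    return str(nets[0].network_address), str(nets[0].hostmask)

if __name__ == "__main__":
    # The two masks discussed in the thread.
    for wc in ("0.1.255.255", "0.238.255.255"):
        hits = matched_second_octets("100.16.0.0", wc)
        print(wc, "matches", len(hits), "second-octet values:", hits[:8], "...")
    print("100.17.x.x hit by 0.238.255.255?",
          acl_matches("100.16.0.0", "0.238.255.255", "100.17.4.9"))
    print("single entry for 100.16.0.0-100.17.255.255:",
          wildcard_for_range("100.16.0.0", "100.17.255.255"))
    # Constructed counter-case: consecutive but not aligned on a bit boundary.
    print("single entry for 100.17.0.0-100.18.255.255:",
          wildcard_for_range("100.17.0.0", "100.18.255.255"))
```

Running a candidate mask through `matched_second_octets` before applying an entry shows every network it would catch, which is the quickest way to spot a mask that is broader or narrower than intended.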
