Caslow's book Cisco Certification ISBN 0-13-082537-9 pp877-679 contains an
acces-list algorithmn -- can be improved. Following may work for your
example to block 192.168.100.100 - 192.168.100.254
permit 192.168.100.255 0.0.0.0 -- broadcast
deny 192.168.100.96 0.0.0.31 -- 96->127
deny 192.168.100.128.127 0.0.0.127 -- 129->255
permit any -- all other
"Andy Walden" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
>
> You can do it based on subnet. If you could narrow down the largest legal
> subnet in the block of ips you wanted to deny then block the left over
> ones with a smaller subnet or individuals. Good planning and design says
> things like this should fall on subnet lines.
>
> andy
>
> On Wed, 13 Dec 2000, Edward Gomez wrote:
>
> > Hi all,
> >
> > I was just wondering is there a way to specify a range of ip addresses
in an
> > access list. Say for instance that I am using an RFC1700 address
> > 192.168.100.0/24 and I want to block ip addresses 192.168.100.100 -
> > 192.168.100.254 from going out to 0.0.0.0 do I have to manually do 154
> > seperate entries in the access list?
> >
> > Thanks in advance!
> >
> > Eddie
> >
> > ----------
> > Edward J. Gomez, MCSE, CNE, CCNA
> > Information Systems Manager
> > ProxyMed, Inc
> > 2555 Davie Road,
> > Suite 110
> > Fort Lauderdale, Florida 33317
> > (954) 473-1001 x315
> > http://www.proxymed.com
> >
> > _________________________________
> > FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> >
>
> _________________________________
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
