Re: Access-list ?? [7:71696]
Yep - Good call :-) Sorry Bikespace Dimitrije wrote in message news:[EMAIL PROTECTED] if .150 is inclusive, within the permitted range, then add 1 additional permit statement: permit host 192.100.34.150 Bikespace wrote: I think the: access-list 10 permit 192.100.34.97 0.0.0.31 should be access-list 10 permit 192.100.34.96 0.0.0.31 as 97 isn't the network address, but this means adding another line at the start to disallow 96. I'll stick by my previous effort for the moment: deny 192.100.34.96 0.0.0.3 permit 192.100.34.96 0.0.0.31 permit 192.100.34.128 0.0.0.15 permit 192.100.34.144 0.0.0.3 permit 192.100.34.148 0.0.0.1 Bikespace Hyman, Craig wrote in message news:[EMAIL PROTECTED] Thank you I will try this and see if it works.. SRS Level 2 SRS Implementation Team Cell phone# 720-840-4887 SUN PH# 303-272-2661 Virtual Office# 303-604-0037 [EMAIL PROTECTED] [EMAIL PROTECTED] -Original Message- From: Kam Chris [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 02, 2003 12:01 PM To: [EMAIL PROTECTED] Subject: RE: Access-list ?? [7:71696] Craig, The problem as I see it is you need to allow 50 hosts, to pass through an ACL but the 50 hosts you want to pass are difficult to mask out with a simple ACL. The previous answers provided might be correct but are a little more than I believe you are looking for. You are not trying to filter on source AND destination address and do not need to filter by protocol, just source, so I recomend a standard access-list, like I have listed below. There are several ways to slice it up here is just one. access-list 10 deny host 192.100.34.97 access-list 10 deny host 192.100.34.98 access-list 10 deny host 192.100.34.99 access-list 10 deny host 192.100.34.151 access-list 10 deny host 192.100.34.152 access-list 10 deny 192.100.34.153 0.0.0.7 access-list 10 permit 192.100.34.97 0.0.0.31 access-list 10 permit host 192.100.34.127 access-list 10 permit host 192.100.34.128 access-list 10 permit 192.100.34.129 0.0.0.31 If it's an option, you might want to consider re-addressing to better align your host addresses with a subnet boundary. For example, 192.100.34.65 0.0.0.63 covers hosts 65-126 (62 hosts) Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71822t=71696 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Access-list ?? [7:71696]
Craig, The problem as I see it is you need to allow 50 hosts, to pass through an ACL but the 50 hosts you want to pass are difficult to mask out with a simple ACL. The previous answers provided might be correct but are a little more than I believe you are looking for. You are not trying to filter on source AND destination address and do not need to filter by protocol, just source, so I recomend a standard access-list, like I have listed below. There are several ways to slice it up here is just one. access-list 10 deny host 192.100.34.97 access-list 10 deny host 192.100.34.98 access-list 10 deny host 192.100.34.99 access-list 10 deny host 192.100.34.151 access-list 10 deny host 192.100.34.152 access-list 10 deny 192.100.34.153 0.0.0.7 access-list 10 permit 192.100.34.97 0.0.0.31 access-list 10 permit host 192.100.34.127 access-list 10 permit host 192.100.34.128 access-list 10 permit 192.100.34.129 0.0.0.31 If it's an option, you might want to consider re-addressing to better align your host addresses with a subnet boundary. For example, 192.100.34.65 0.0.0.63 covers hosts 65-126 (62 hosts) Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71791t=71696 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Access-list ?? [7:71696]
Thank you I will try this and see if it works.. SRS Level 2 SRS Implementation Team Cell phone# 720-840-4887 SUN PH# 303-272-2661 Virtual Office# 303-604-0037 [EMAIL PROTECTED] [EMAIL PROTECTED] -Original Message- From: Kam Chris [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 02, 2003 12:01 PM To: [EMAIL PROTECTED] Subject: RE: Access-list ?? [7:71696] Craig, The problem as I see it is you need to allow 50 hosts, to pass through an ACL but the 50 hosts you want to pass are difficult to mask out with a simple ACL. The previous answers provided might be correct but are a little more than I believe you are looking for. You are not trying to filter on source AND destination address and do not need to filter by protocol, just source, so I recomend a standard access-list, like I have listed below. There are several ways to slice it up here is just one. access-list 10 deny host 192.100.34.97 access-list 10 deny host 192.100.34.98 access-list 10 deny host 192.100.34.99 access-list 10 deny host 192.100.34.151 access-list 10 deny host 192.100.34.152 access-list 10 deny 192.100.34.153 0.0.0.7 access-list 10 permit 192.100.34.97 0.0.0.31 access-list 10 permit host 192.100.34.127 access-list 10 permit host 192.100.34.128 access-list 10 permit 192.100.34.129 0.0.0.31 If it's an option, you might want to consider re-addressing to better align your host addresses with a subnet boundary. For example, 192.100.34.65 0.0.0.63 covers hosts 65-126 (62 hosts) Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71794t=71696 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Access-list ?? [7:71696]
I think the: access-list 10 permit 192.100.34.97 0.0.0.31 should be access-list 10 permit 192.100.34.96 0.0.0.31 as 97 isn't the network address, but this means adding another line at the start to disallow 96. I'll stick by my previous effort for the moment: deny 192.100.34.96 0.0.0.3 permit 192.100.34.96 0.0.0.31 permit 192.100.34.128 0.0.0.15 permit 192.100.34.144 0.0.0.3 permit 192.100.34.148 0.0.0.1 Bikespace Hyman, Craig wrote in message news:[EMAIL PROTECTED] Thank you I will try this and see if it works.. SRS Level 2 SRS Implementation Team Cell phone# 720-840-4887 SUN PH# 303-272-2661 Virtual Office# 303-604-0037 [EMAIL PROTECTED] [EMAIL PROTECTED] -Original Message- From: Kam Chris [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 02, 2003 12:01 PM To: [EMAIL PROTECTED] Subject: RE: Access-list ?? [7:71696] Craig, The problem as I see it is you need to allow 50 hosts, to pass through an ACL but the 50 hosts you want to pass are difficult to mask out with a simple ACL. The previous answers provided might be correct but are a little more than I believe you are looking for. You are not trying to filter on source AND destination address and do not need to filter by protocol, just source, so I recomend a standard access-list, like I have listed below. There are several ways to slice it up here is just one. access-list 10 deny host 192.100.34.97 access-list 10 deny host 192.100.34.98 access-list 10 deny host 192.100.34.99 access-list 10 deny host 192.100.34.151 access-list 10 deny host 192.100.34.152 access-list 10 deny 192.100.34.153 0.0.0.7 access-list 10 permit 192.100.34.97 0.0.0.31 access-list 10 permit host 192.100.34.127 access-list 10 permit host 192.100.34.128 access-list 10 permit 192.100.34.129 0.0.0.31 If it's an option, you might want to consider re-addressing to better align your host addresses with a subnet boundary. For example, 192.100.34.65 0.0.0.63 covers hosts 65-126 (62 hosts) Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71795t=71696 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Access-list ?? [7:71696]
if .150 is inclusive, within the permitted range, then add 1 additional permit statement: permit host 192.100.34.150 Bikespace wrote: I think the: access-list 10 permit 192.100.34.97 0.0.0.31 should be access-list 10 permit 192.100.34.96 0.0.0.31 as 97 isn't the network address, but this means adding another line at the start to disallow 96. I'll stick by my previous effort for the moment: deny 192.100.34.96 0.0.0.3 permit 192.100.34.96 0.0.0.31 permit 192.100.34.128 0.0.0.15 permit 192.100.34.144 0.0.0.3 permit 192.100.34.148 0.0.0.1 Bikespace Hyman, Craig wrote in message news:[EMAIL PROTECTED] Thank you I will try this and see if it works.. SRS Level 2 SRS Implementation Team Cell phone# 720-840-4887 SUN PH# 303-272-2661 Virtual Office# 303-604-0037 [EMAIL PROTECTED] [EMAIL PROTECTED] -Original Message- From: Kam Chris [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 02, 2003 12:01 PM To: [EMAIL PROTECTED] Subject: RE: Access-list ?? [7:71696] Craig, The problem as I see it is you need to allow 50 hosts, to pass through an ACL but the 50 hosts you want to pass are difficult to mask out with a simple ACL. The previous answers provided might be correct but are a little more than I believe you are looking for. You are not trying to filter on source AND destination address and do not need to filter by protocol, just source, so I recomend a standard access-list, like I have listed below. There are several ways to slice it up here is just one. access-list 10 deny host 192.100.34.97 access-list 10 deny host 192.100.34.98 access-list 10 deny host 192.100.34.99 access-list 10 deny host 192.100.34.151 access-list 10 deny host 192.100.34.152 access-list 10 deny 192.100.34.153 0.0.0.7 access-list 10 permit 192.100.34.97 0.0.0.31 access-list 10 permit host 192.100.34.127 access-list 10 permit host 192.100.34.128 access-list 10 permit 192.100.34.129 0.0.0.31 If it's an option, you might want to consider re-addressing to better align your host addresses with a subnet boundary. For example, 192.100.34.65 0.0.0.63 covers hosts 65-126 (62 hosts) Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71805t=71696 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Access-list ?? [7:71696]
ALL- I know you have answered this question before, but I hope somewhere in your 4th of July heart you can help me. I have a 1600 router running a 12021 IP PLUS --- I have tried to add access-lists to block all sites incoming except 192.100.34.100-150. Can someone help with the correct lists. Thanks in advance SRS Level 2 SRS Implementation Team Cell phone# 720-840-4887 SUN PH# 303-272-2661 Virtual Office# 303-604-0037 [EMAIL PROTECTED] [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71696t=71696 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Access-list ?? [7:71696]
This is interesting. Obviously one solution is to deny the 50 hosts with 50 deny statements. Will this solution work? It uses 12 statements. access-list 110 deny ip host 192.100.34.110 access-list 110 deny ip host 192.100.34.111 access list 110 deny ip 192.100.34.112 0.0.0.16 access-list 110 deny ip 192.100.34.128 0.0.0.16 access-list 110 deny ip host 192.100.34.143 access-list 110 deny ip host 192.100.34.144 access-list 110 deny ip host 192.100.34.145 access-list 110 deny ip host 192.100.34.146 access-list 110 deny ip host 192.100.34.147 access-list 110 deny ip host 192.100.34.148 access-list 110 deny ip host 192.100.34.149 access-list 110 deny ip host 192.100.34.150 access-list 110 permit any Shoot me down if I'm wrong! Regards, Janó Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71729t=71696 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Access-list ?? [7:71696]
I have a 1600 router running a 12021 IP PLUS --- I have tried to add access-lists to block all sites incoming except 192.100.34.100- 150. Can someone help with the correct lists. - jvd wrote: This is interesting. Obviously one solution is to deny the 50 hosts with 50 deny statements. Will this solution work? It uses 12 statements. access-list 110 deny ip host 192.100.34.110 access-list 110 deny ip host 192.100.34.111 access list 110 deny ip 192.100.34.112 0.0.0.16 access-list 110 deny ip 192.100.34.128 0.0.0.16 access-list 110 deny ip host 192.100.34.143 access-list 110 deny ip host 192.100.34.144 access-list 110 deny ip host 192.100.34.145 access-list 110 deny ip host 192.100.34.146 access-list 110 deny ip host 192.100.34.147 access-list 110 deny ip host 192.100.34.148 access-list 110 deny ip host 192.100.34.149 access-list 110 deny ip host 192.100.34.150 access-list 110 permit any Oops, I found a mistake in the access list. The 3rd and 4th lines should be: access list 110 deny ip 192.100.34.112 0.0.0.15 access-list 110 deny ip 192.100.34.128 0.0.0.15 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71761t=71696 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Access-list ?? [7:71696]
Jans van Deventer wrote: I have a 1600 router running a 12021 IP PLUS --- I have tried to add access-lists to block all sites incoming except 192.100.34.100- 150. Can someone help with the correct lists. - jvd wrote: This is interesting. Obviously one solution is to deny the 50 hosts with 50 deny statements. Since he wants to block all *except* the range of 50, wouldn't this be a better option? access-list 110 permit ip 192.100.34.100 0.0.0.3 ! 100-103 access-list 110 permit ip 192.100.34.104 0.0.0.7 ! 104-111 access-list 110 permit ip 192.100.34.112 0.0.0.15 ! 112-127 access-list 110 permit ip 192.100.34.128 0.0.0.15 ! 128-143 access-list 110 permit ip 192.100.34.144 0.0.0.3 ! 144-147 access-list 110 permit ip 192.100.34.148 0.0.0.1 ! 148-149 access-list 110 permit ip 192.100.34.150 0.0.0.0 ! 150 access-list 110 deny ip any any -jm Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71767t=71696 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]