
Access Control Lists and Wildcard Masks


Chrismac86 (Technical User, GB)
May 31, 2002
I have a subnet address of 171.17.0.64; usable hosts 65-126.
From this range of addresses I have to divide the range into two halves: the lower half, 171.17.0.65 to 171.17.0.95, is allowed to Telnet to the next-hop router; the upper half, 171.17.0.96 to 171.17.0.126, is to be denied Telnet access. I think the ACL should be configured thus, but would be grateful for any views.

  access-list 101 deny tcp 171.17.0.96 0.0.0.31 171.17.255.65 0.0.0.0 eq 23
  access-list 101 permit ip any any

Or should I deny or permit each host individually,

  access-list 101 deny tcp host 171.17.0.96 host 171.17.255.65 eq 23

and so on until I have covered all addresses in the upper range? Any help please.

Chris
 
  ! host 127 denied
  access-list 101 deny tcp 171.17.0.127 0.0.0.0 171.17.255.65 0.0.0.0 eq 23
  ! hosts 96 thru 126 denied access to port 23
  access-list 101 deny tcp 171.17.0.96 0.0.0.31 171.17.255.65 0.0.0.0 eq 23
  ! host 64 denied
  access-list 101 deny tcp 171.17.0.64 0.0.0.0 171.17.255.65 0.0.0.0 eq 23
  ! allow 65 thru 95 access to port 23
  access-list 101 permit tcp 171.17.0.65 0.0.0.31 171.17.255.65 0.0.0.0 eq 23
  access-list 101 permit ip any any

You could make a host entry for each host, but that would require a lot of administrative hassle. Remember to place comments in your access list to remember and explain the process.
Route once; switch many
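An added example, not code from either post in this thread: a small Python simulator that applies IOS first-match semantics (with the implicit deny at the end) to the two lists posted above, so you can see exactly which source hosts each entry matches before putting it on a router. It parses only the syntax used in the thread (`access-list N permit|deny PROTO SRC DST [eq PORT]`, with SRC/DST as `any`, `host A.B.C.D` or `A.B.C.D WILDCARD`), treats Telnet as TCP port 23, and ignores source-port matches. The `ORIGINAL_POST_ACL` and `REPLY_ACL` lists are transcribed from the two posts with the reply's inline notes left out; the router address 171.17.255.65 is the one the poster used. `range_to_wildcards` goes beyond the thread's specific case and shows how to express any contiguous range (65-95 here) as the fewest exact wildcard blocks, which is the same problem as CIDR summarisation.

```python
"""Wildcard-mask helpers and a first-match simulator for numbered IOS extended ACLs.
Added illustration for this thread, not code from the original posts; it parses
only the 'access-list N permit|deny PROTO SRC DST [eq PORT]' subset used above."""
import ipaddress


def wildcard_match(addr, base, wildcard):
    """IOS wildcard semantics: a 1 bit in the wildcard means 'do not care'."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)


def covered_range(base, wildcard):
    """Lowest/highest address a 'base wildcard' pair matches (contiguous wildcard).
    The router ignores base bits under the wildcard, so .65 0.0.0.31 starts at .64."""
    b, w = (int(ipaddress.IPv4Address(x)) for x in (base, wildcard))
    lo = b & ~w & 0xFFFFFFFF
    return str(ipaddress.IPv4Address(lo)), str(ipaddress.IPv4Address(lo | w))


def range_to_wildcards(first, last):
    """Fewest 'base wildcard' pairs covering exactly first..last: each wildcard
    block is a CIDR block, so summarise the range and write the host mask out."""
    nets = ipaddress.summarize_address_range(ipaddress.IPv4Address(first),
                                             ipaddress.IPv4Address(last))
    return [(str(n.network_address), str(n.hostmask)) for n in nets]


def _addr_spec(tokens, i):
    """Consume one address spec at tokens[i]; return ((base, wildcard), next_i)."""
    if tokens[i] == "any":
        return ("0.0.0.0", "255.255.255.255"), i + 1
    if tokens[i] == "host":
        return (tokens[i + 1], "0.0.0.0"), i + 2
    return (tokens[i], tokens[i + 1]), i + 2


def _port(tokens, i):
    """Optional 'eq PORT' at tokens[i]; return (port or None, next_i)."""
    if i < len(tokens) and tokens[i] == "eq":
        name = tokens[i + 1]
        return (23 if name == "telnet" else int(name)), i + 2  # only keyword needed here
    return None, i


def parse_ace(line):
    """Split one 'access-list ...' entry into fields (source port parsed, unused)."""
    t = line.split()  # t[0]='access-list', t[1]=number, t[2]=action, t[3]=proto
    src, i = _addr_spec(t, 4)
    _sport, i = _port(t, i)
    dst, i = _addr_spec(t, i)
    dport, _ = _port(t, i)
    return {"action": t[2], "proto": t[3], "src": src, "dst": dst, "dport": dport}


def evaluate(acl, src, dst, proto="tcp", dport=23):
    """First matching entry wins; no match means the implicit deny at the end."""
    for line in acl:
        line = line.strip()
        if not line or line.startswith("!") or " remark " in line:
            continue
        ace = parse_ace(line)
        if ace["proto"] not in ("ip", proto):
            continue
        if not (wildcard_match(src, *ace["src"]) and wildcard_match(dst, *ace["dst"])):
            continue
        if ace["dport"] is not None and ace["dport"] != dport:
            continue
        return ace["action"]
    return "deny"


# Constructed from the two lists in the thread (the reply's inline notes left out).
ROUTER = "171.17.255.65"
ORIGINAL_POST_ACL = [
    "access-list 101 deny tcp 171.17.0.96 0.0.0.31 171.17.255.65 0.0.0.0 eq 23",
    "access-list 101 permit ip any any",
]
REPLY_ACL = [
    "access-list 101 deny tcp 171.17.0.127 0.0.0.0 171.17.255.65 0.0.0.0 eq 23",
    "access-list 101 deny tcp 171.17.0.96 0.0.0.31 171.17.255.65 0.0.0.0 eq 23",
    "access-list 101 deny tcp 171.17.0.64 0.0.0.0 171.17.255.65 0.0.0.0 eq 23",
    "access-list 101 permit tcp 171.17.0.65 0.0.0.31 171.17.255.65 0.0.0.0 eq 23",
    "access-list 101 permit ip any any",
]


def telnet_verdicts(acl, last_octets=range(64, 128)):
    """Verdict for Telnet from each 171.17.0.N in the /26 block to the router."""
    return {n: evaluate(acl, f"171.17.0.{n}", ROUTER) for n in last_octets}
```

Run `telnet_verdicts(REPLY_ACL)` and `telnet_verdicts(ORIGINAL_POST_ACL)` to compare the two lists host by host, `covered_range("171.17.0.65", "0.0.0.31")` to see what the reply's permit line really spans, and `range_to_wildcards("171.17.0.65", "171.17.0.95")` to see that an unaligned range needs several entries (.65 as a host, then /31, /30, /29 and /28 blocks) if it is to be matched exactly rather than approximated with one mask.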
 