ACL Question

[pc2mike]

Lets say you have 30 class C's and you don't want
to keep typing them in at the bottom of your ACL.

Is there a function within cisco that will let you
name those class C's as a WORD and type just one
line in at the bottom of your ACL?

I know how to do it with IPFW rules within Linux,
but there seems to be a need for doing the same
thing within CISCO routers if available.

Thanks,
Mike

 

[BuckWeet]

good question, i'm not aware of any, I know you can do this on the PIX though..


anyone else?

BuckWeet

 

[gconnect]

unfortunalty not that i anm aware of (although this can be done with object-grouping on the pix firewall)

but if they are within close proximety, you can always supernet them and use that in your acl statements

-i.e.
10.1.1.0/30
10.1.1.4/30
10.1.1.8/30
10.1.1.12/30 = 10.1.1.0/28

access-list 100 permit ip 10.1.1.0 0.0.0.240 any

 

[baddos]

If they are all part of the same parent netblock, you can aggregate them to a larger subnet.

I.E. 30 subnets in the 10.0.0.0 subnet would split up like this

access-list 100 permit ip 10.0.0.0 255.255.240 any
access-list 100 permit ip 10.0.16.0 255.255.240 any

The IOS will match the ip address even though the subnets are actually smaller than the ones in the access-list.

-Bad Dos