ACL Questions

[rbrookes]

Hi all, I'm new to this Cisco Malarkey so please forgive my half baked questions.....

I’ve been trying to get my head round configuring ACL’s and I just have two things I that I’m unsure of….

1. How do I deny access to a specific IP address and apply this to all hosts?

2. If I want to split a subnet and allow http access to a network is there a simple way to do this e.g. 192.168.6.96 – 192.168.6.103 are allowed access to the 172.16.0.0 network whereas 192.168.6.104 – 192.168.6.110 are not allowed access

Thanks in advance

 

[North323]

#1 access-list extended ACL_Name deny 192.168.0.0 255.255.0.0 any OR you can use a specific host just make sure the net mask is correct

#2 creat an acl the same way but subnet it out. use

http://www.subnet-calculator.com/

access-list exnteded ACL_Name permit tcp 192.168.6.1 255.255.255.128 (which is .1 - .126)

or

you can create network objects for each IP address, like,

object-group network Sample_Name
network-object 192.168.6.96
etc..etc...

then create your acl using that group
access-list ACL_Name extended permit ip object-group Sample_Name any

 

[burtsbees]

Router or ASA/PIX?

/

tim@tim-laptop ~ $ sudo apt-get install windows
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Couldn't find package windows...Thank Goodness!