Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Create ACL for ip range

Status
Not open for further replies.

acabezas2014

IS-IT--Management
Dec 2, 2013
6
US
Hi All,

Trying to create an ACL for the following below.

10.134.76.100-105
permit ip 10.134.76.100-105 host 10.242.254.146
permit ip 10.134.76.100-105 host 10.227.232.12
permit ip 10.134.76.100-105 host 10.227.238.91
permit ip 10.134.76.100-105 host 10.228.18.7
permit ip 10.134.76.100-105 host 10.242.127.21
permit ip 10.134.76.100-105 host 10.228.127.22
deny ip 10.134.76.100-105 to 135 any
permit ip any any

When I enter the following ACL below onto my router is looks the following below.
ACL Entered
Access-list 120 permit ip 10.134.76.100 0.0.0.5 host 10.242.254.146
Access-list 120 permit ip 10.134.76.100 0.0.0.5 host 10.227.232.12
Access-list 120 permit ip 10.134.76.100 0.0.0.5 host 10.227.238.91
Access-list 120 permit ip 10.134.76.100 0.0.0.5 host 10.228.18.7
Access-list 120 permit ip 10.134.76.100 0.0.0.5 host 10.228.127.21
Access-list 120 permit ip 10.134.76.100 0.0.0.5 host 10.228.127.22
Access-list 120 deny ip 10.134.76.100 0.0.0.5 any
Access-list 120 permit ip any any

Results of a SH RUN
access-list 120 permit ip 10.134.76.96 0.0.0.5 host 10.242.254.146
access-list 120 permit ip 10.134.76.96 0.0.0.5 host 10.227.232.12
access-list 120 permit ip 10.134.76.96 0.0.0.5 host 10.227.238.91
access-list 120 permit ip 10.134.76.96 0.0.0.5 host 10.228.18.7
access-list 120 permit ip 10.134.76.96 0.0.0.5 host 10.228.127.21
access-list 120 permit ip 10.134.76.96 0.0.0.5 host 10.228.127.22
access-list 120 deny ip 10.134.76.96 0.0.0.5 any
access-list 120 permit ip any any

Can anyone please let me know if this is correct or how I would add the ACL to allow range from 10.134.76.100 to 105. Thanks
 
If you are looking to allow just 10.134.76.100-.105 to these hosts, and deny the rest of the 10.134.76.0/24 range, you could do (remember you have to use inverse masks!):

access-list 100 permit ip host 10.134.76.100 host 10.242.254.146
access-list 100 permit ip host 10.134.76.101 host 10.242.254.146
access-list 100 permit ip host 10.134.76.102 host 10.242.254.146
access-list 100 permit ip host 10.134.76.103 host 10.242.254.146
access-list 100 permit ip host 10.134.76.104 host 10.242.254.146
access-list 100 permit ip host 10.134.76.105 host 10.242.254.146
access-list 100 permit ip host 10.134.76.100 host 10.227.232.12
access-list 100 permit ip host 10.134.76.101 host 10.227.232.12
access-list 100 permit ip host 10.134.76.102 host 10.227.232.12
access-list 100 permit ip host 10.134.76.103 host 10.227.232.12
access-list 100 permit ip host 10.134.76.104 host 10.227.232.12
access-list 100 permit ip host 10.134.76.105 host 10.227.232.12
access-list 100 permit ip host 10.134.76.100 host 10.227.238.91
access-list 100 permit ip host 10.134.76.101 host 10.227.238.91
access-list 100 permit ip host 10.134.76.102 host 10.227.238.91
access-list 100 permit ip host 10.134.76.103 host 10.227.238.91
access-list 100 permit ip host 10.134.76.104 host 10.227.238.91
access-list 100 permit ip host 10.134.76.105 host 10.227.238.91
access-list 100 permit ip host 10.134.76.100 host 10.228.18.7
access-list 100 permit ip host 10.134.76.101 host 10.228.18.7
access-list 100 permit ip host 10.134.76.102 host 10.228.18.7
access-list 100 permit ip host 10.134.76.103 host 10.228.18.7
access-list 100 permit ip host 10.134.76.104 host 10.228.18.7
access-list 100 permit ip host 10.134.76.105 host 10.228.18.7
access-list 100 permit ip host 10.134.76.100 host 10.242.127.21
access-list 100 permit ip host 10.134.76.101 host 10.242.127.21
access-list 100 permit ip host 10.134.76.102 host 10.242.127.21
access-list 100 permit ip host 10.134.76.103 host 10.242.127.21
access-list 100 permit ip host 10.134.76.104 host 10.242.127.21
access-list 100 permit ip host 10.134.76.105 host 10.242.127.21
access-list 100 permit ip host 10.134.76.100 host 10.242.127.22
access-list 100 permit ip host 10.134.76.101 host 10.242.127.22
access-list 100 permit ip host 10.134.76.102 host 10.242.127.22
access-list 100 permit ip host 10.134.76.103 host 10.242.127.22
access-list 100 permit ip host 10.134.76.104 host 10.242.127.22
access-list 100 permit ip host 10.134.76.105 host 10.242.127.22
access-list 100 deny ip 10.134.76.0 0.0.0.255 any
permit ip any any


Then apply to your interface:
Interface GigabitEthernet0/1
ip access-group 100 in
ip access-group 100 out


Hope this helps.
 
Thank you so much for the reply. Yes it helped a lot. Thanks
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top