Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Create ACL for ip range

Status
Not open for further replies.
acabezas2014

acabezas2014

IS-IT--Management
Dec 2, 2013
6
US
Hi All,

Trying to create an ACL for the following below.

10.134.76.100-105
permit ip 10.134.76.100-105 host 10.242.254.146
permit ip 10.134.76.100-105 host 10.227.232.12
permit ip 10.134.76.100-105 host 10.227.238.91
permit ip 10.134.76.100-105 host 10.228.18.7
permit ip 10.134.76.100-105 host 10.242.127.21
permit ip 10.134.76.100-105 host 10.228.127.22
deny ip 10.134.76.100-105 to 135 any
permit ip any any

When I enter the following ACL below onto my router is looks the following below.
ACL Entered
Access-list 120 permit ip 10.134.76.100 0.0.0.5 host 10.242.254.146
Access-list 120 permit ip 10.134.76.100 0.0.0.5 host 10.227.232.12
Access-list 120 permit ip 10.134.76.100 0.0.0.5 host 10.227.238.91
Access-list 120 permit ip 10.134.76.100 0.0.0.5 host 10.228.18.7
Access-list 120 permit ip 10.134.76.100 0.0.0.5 host 10.228.127.21
Access-list 120 permit ip 10.134.76.100 0.0.0.5 host 10.228.127.22
Access-list 120 deny ip 10.134.76.100 0.0.0.5 any
Access-list 120 permit ip any any

Results of a SH RUN
access-list 120 permit ip 10.134.76.96 0.0.0.5 host 10.242.254.146
access-list 120 permit ip 10.134.76.96 0.0.0.5 host 10.227.232.12
access-list 120 permit ip 10.134.76.96 0.0.0.5 host 10.227.238.91
access-list 120 permit ip 10.134.76.96 0.0.0.5 host 10.228.18.7
access-list 120 permit ip 10.134.76.96 0.0.0.5 host 10.228.127.21
access-list 120 permit ip 10.134.76.96 0.0.0.5 host 10.228.127.22
access-list 120 deny ip 10.134.76.96 0.0.0.5 any
access-list 120 permit ip any any

Can anyone please let me know if this is correct or how I would add the ACL to allow range from 10.134.76.100 to 105. Thanks
 
Sort by date Sort by votes
If you are looking to allow just 10.134.76.100-.105 to these hosts, and deny the rest of the 10.134.76.0/24 range, you could do (remember you have to use inverse masks!):

access-list 100 permit ip host 10.134.76.100 host 10.242.254.146
access-list 100 permit ip host 10.134.76.101 host 10.242.254.146
access-list 100 permit ip host 10.134.76.102 host 10.242.254.146
access-list 100 permit ip host 10.134.76.103 host 10.242.254.146
access-list 100 permit ip host 10.134.76.104 host 10.242.254.146
access-list 100 permit ip host 10.134.76.105 host 10.242.254.146
access-list 100 permit ip host 10.134.76.100 host 10.227.232.12
access-list 100 permit ip host 10.134.76.101 host 10.227.232.12
access-list 100 permit ip host 10.134.76.102 host 10.227.232.12
access-list 100 permit ip host 10.134.76.103 host 10.227.232.12
access-list 100 permit ip host 10.134.76.104 host 10.227.232.12
access-list 100 permit ip host 10.134.76.105 host 10.227.232.12
access-list 100 permit ip host 10.134.76.100 host 10.227.238.91
access-list 100 permit ip host 10.134.76.101 host 10.227.238.91
access-list 100 permit ip host 10.134.76.102 host 10.227.238.91
access-list 100 permit ip host 10.134.76.103 host 10.227.238.91
access-list 100 permit ip host 10.134.76.104 host 10.227.238.91
access-list 100 permit ip host 10.134.76.105 host 10.227.238.91
access-list 100 permit ip host 10.134.76.100 host 10.228.18.7
access-list 100 permit ip host 10.134.76.101 host 10.228.18.7
access-list 100 permit ip host 10.134.76.102 host 10.228.18.7
access-list 100 permit ip host 10.134.76.103 host 10.228.18.7
access-list 100 permit ip host 10.134.76.104 host 10.228.18.7
access-list 100 permit ip host 10.134.76.105 host 10.228.18.7
access-list 100 permit ip host 10.134.76.100 host 10.242.127.21
access-list 100 permit ip host 10.134.76.101 host 10.242.127.21
access-list 100 permit ip host 10.134.76.102 host 10.242.127.21
access-list 100 permit ip host 10.134.76.103 host 10.242.127.21
access-list 100 permit ip host 10.134.76.104 host 10.242.127.21
access-list 100 permit ip host 10.134.76.105 host 10.242.127.21
access-list 100 permit ip host 10.134.76.100 host 10.242.127.22
access-list 100 permit ip host 10.134.76.101 host 10.242.127.22
access-list 100 permit ip host 10.134.76.102 host 10.242.127.22
access-list 100 permit ip host 10.134.76.103 host 10.242.127.22
access-list 100 permit ip host 10.134.76.104 host 10.242.127.22
access-list 100 permit ip host 10.134.76.105 host 10.242.127.22
access-list 100 deny ip 10.134.76.0 0.0.0.255 any
permit ip any any

Then apply to your interface:
Interface GigabitEthernet0/1
ip access-group 100 in
ip access-group 100 out

Hope this helps.
 
Upvote 0 Downvote
Thank you so much for the reply. Yes it helped a lot. Thanks
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

jarod_paris
  • Locked
  • Question
firmware for an AP2800 WiFi terminal
Replies
0
Views
161
jarod_paris
jarod_paris
disk-us
  • Locked
  • Question
RTU licensing for a901
Replies
0
Views
72
disk-us
disk-us
Mogles49
  • Locked
  • Question
Firewall ACL question
Replies
1
Views
105
burtsbees
burtsbees
acabezas2014
  • Locked
  • Question
Need to create QoS for SNMP and Radius traffic on Cisco 4948 Switches
Replies
0
Views
81
acabezas2014
acabezas2014
Willi DB
  • Locked
  • Question
Polycom410 Forward an incoming call
Replies
0
Views
84
Willi DB
Willi DB

Part and Inventory Search

Sponsor

Back
Top