Question:
I have the following Class B network 172.31.0.0/16 that I’m trying to create an access list for. I’d like to allow 172.31.240.0/24 but deny all else, so I’m looking for the best way to accomplish this with 2 ACL lines.
Answer:
The best way to accomplish the above is to explicitly allow the subnet you want and then deny the whole Class B network, as follows:
! Extended ACLs (100-199) require a destination; "any" is assumed here
access-list 110 permit ip 172.31.240.0 0.0.0.255 any
access-list 110 deny ip 172.31.0.0 0.0.255.255 any
Another option, with just one ACL entry, would be to permit only the subnet 172.31.240.0/24 and that's it. No other ACL entries are needed, since there is an implicit deny at the end of every access list.
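
The first-match and implicit-deny behaviour described above, as an added example (not part of the original answer): a small Python model of wildcard-mask matching that compares the two-line and one-line ACLs. It evaluates the source address only, the `any` destination and the sample addresses are assumptions, and the helper names are hypothetical.

```python
import ipaddress

def parse_ace(line):
    """Parse 'access-list N permit|deny ip SRC WILDCARD any' (source match only)."""
    parts = line.split()
    action, src, wildcard = parts[2], parts[4], parts[5]
    return action, int(ipaddress.IPv4Address(src)), int(ipaddress.IPv4Address(wildcard))

def matches(addr, base, wildcard):
    # Wildcard bits set to 1 are "don't care"; every other bit must equal the base.
    care = ~wildcard & 0xFFFFFFFF
    return (addr & care) == (base & care)

def evaluate(acl_lines, source_ip):
    """Return the action of the first matching entry, else the implicit deny."""
    addr = int(ipaddress.IPv4Address(source_ip))
    for line in acl_lines:
        action, base, wildcard = parse_ace(line)
        if matches(addr, base, wildcard):
            return action
    return "deny (implicit)"

# The two variants from the answer; destination "any" is an assumption.
TWO_LINE = [
    "access-list 110 permit ip 172.31.240.0 0.0.0.255 any",
    "access-list 110 deny ip 172.31.0.0 0.0.255.255 any",
]
ONE_LINE = TWO_LINE[:1]

# Constructed sample source addresses.
SAMPLES = ["172.31.240.17", "172.31.241.1", "172.31.0.5", "10.0.0.1"]

def compare():
    """Map each sample address to its (two-line, one-line) verdicts."""
    return {ip: (evaluate(TWO_LINE, ip), evaluate(ONE_LINE, ip)) for ip in SAMPLES}

if __name__ == "__main__":
    for ip, (two, one) in compare().items():
        print(f"{ip:15}  two-line: {two:16}  one-line: {one}")
```

Both variants drop everything outside 172.31.240.0/24; the only difference is whether the rest of 172.31.0.0/16 is caught by the explicit entry or by the implicit deny.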
