On a class B network several of the third octets are already in use. They have been allocated in an ad hoc fashion so I do not have contiguous entries lining up on bit boundaries.
Are the following ACL entries valid to block these network ranges?
access-list 20 deny ip x.x.9.0 0.0.2.255 (to block 9, 10 and 11; 8 is already allocated)
access-list 20 deny x.x.33.0 0.0.30.255 (to block 33 through 63; again, 32 has been allocated)
The first access list will only block the 9 and 11 subnets. You need to add one statement in access-list 20 for the 10 subnet. If you use the wildcard mask 0.0.3.255, four subnets, i.e. 8 to 11, will be blocked, which is not desired as 8 is already allocated.
The second access list will block all odd subnets from 33 to 63. To block 33 to 63 with 32 permitted, I would suggest one statement permitting the 32 subnet and then a deny statement using the 0.0.31.255 wildcard mask. Packets for the 32 subnet will be permitted first, and the access list will not be checked further after a match is made. All other packets for the other subnets will be dropped. This way you will achieve this in just two statements instead of 14 or so.
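The wildcard arithmetic behind the answer, as an added example that is not part of the original Q&A: a small Python model of how a Cisco-style wildcard mask selects third-octet values (1 bits are "don't care"), and of first-match ACL evaluation. The trailing "permit any" entry is an assumption about the rest of access-list 20; the real list may differ.

```python
# Added example: wildcard-mask matching and first-match ACL evaluation for the
# third octet only. Not vendor code; a model of the behaviour described above.

def wildcard_matches(value, base, wildcard):
    """True if `value` matches `base` under `wildcard` (wildcard 1 bits are ignored)."""
    care = ~wildcard & 0xFF          # bits that must equal the base
    return (value & care) == (base & care)

def matched_subnets(base, wildcard):
    """All third-octet values 0-255 that a single base/wildcard entry matches."""
    return [n for n in range(256) if wildcard_matches(n, base, wildcard)]

def evaluate_acl(acl, value):
    """First-match evaluation; entries are (action, base, wildcard).
    Falls through to the implicit deny if nothing matches."""
    for action, base, wildcard in acl:
        if wildcard_matches(value, base, wildcard):
            return action
    return "deny"

def blocked_subnets(acl):
    """Third-octet values the ACL denies."""
    return [n for n in range(256) if evaluate_acl(acl, n) == "deny"]

# The asker's two entries, third octet only.
FIRST_ENTRY = (9, 2)     # x.x.9.0 0.0.2.255
SECOND_ENTRY = (33, 30)  # x.x.33.0 0.0.30.255

# The answer's two-statement version for 32-63 with 32 kept open.
# The final "permit any" is an assumption about the rest of the list.
SUGGESTED_ACL = [
    ("permit", 32, 0),    # permit x.x.32.0 0.0.0.255 (matched first)
    ("deny", 32, 31),     # deny   x.x.32.0 0.0.31.255 (32-63, but 32 never reaches it)
    ("permit", 0, 255),   # permit any (assumed)
]

if __name__ == "__main__":
    print("0.0.2.255 from 9 matches:", matched_subnets(*FIRST_ENTRY))
    print("0.0.3.255 from 9 matches:", matched_subnets(9, 3))
    print("0.0.30.255 from 33 matches:", matched_subnets(*SECOND_ENTRY))
    print("suggested ACL blocks:", blocked_subnets(SUGGESTED_ACL))
```

Running it shows why the original masks misbehave: 0.0.2.255 frees only the bit worth 2, so 9 and 11 match but 10 does not, and 0.0.30.255 fixes the low bit of 33 so every even value in 32-63 slips through. The ordered permit/deny pair blocks exactly 33-63.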
Related Q&A from Sudhanshu Gupta