
Are the following ACL entries valid?

On a class B network several of the third octets are already in use. They have been allocated in an ad hoc fashion so I do not have contiguous entries lining up on bit boundaries.

Are the following ACL entries valid to block these network ranges?
access-list 20 deny ip x.x.9.0 0.0.2.255 to block 9, 10 and 11 (8 is already allocated)
access-list 20 deny x.x.33.0 0.0.30.255 to block from 33 to 63 (again, 32 has been allocated)

The first access list will only block the 9 and 11 subnets. You need to add one statement in access-list 20 for the '10' subnet. If you use a wildcard mask of 0.0.3.255, four subnets, i.e., 8 to 11, will be blocked, which is not desired as 8 is already allocated.

The second access list will block all odd subnets starting from 33 to 63. To block 33 to 63 with 32 permitted, I would suggest one statement permitting the '32' subnet and then using a 0.0.31.255 wildcard mask. The packet for the '32' subnet will be permitted first, and the access list will not be checked after a match is made. All other packets for other subnets will be dropped. This way you will achieve this in just two statements instead of 14 or so statements.
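
The wildcard arithmetic discussed above can be checked mechanically. The following is an added example, not part of the original question or answer: it enumerates which third-octet values each entry matches and evaluates the two-statement form top-down. The prefix 172.16 is a constructed stand-in for the elided x.x, and the function names are hypothetical.

```python
import ipaddress

PREFIX = "172.16"  # constructed stand-in for the elided "x.x" class B prefix

def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def matches(addr, base, wildcard):
    """Wildcard match: a 1 bit in the wildcard means 'ignore this bit'."""
    care = ~_to_int(wildcard) & 0xFFFFFFFF
    return (_to_int(addr) & care) == (_to_int(base) & care)

def third_octets(base, wildcard):
    """Third-octet values N for which PREFIX.N.0 matches the entry."""
    return [n for n in range(256)
            if matches(f"{PREFIX}.{n}.0", base, wildcard)]

def first_match(acl, addr):
    """Walk entries top-down; the first match decides, else implicit deny."""
    for action, base, wildcard in acl:
        if matches(addr, base, wildcard):
            return action
    return "deny (implicit)"

# The two-statement form from the answer; the base address of the deny
# entry is an assumption, since the answer gives only the wildcard mask.
TWO_STATEMENTS = [
    ("permit", f"{PREFIX}.32.0", "0.0.0.255"),
    ("deny",   f"{PREFIX}.32.0", "0.0.31.255"),
]

if __name__ == "__main__":
    print(third_octets(f"{PREFIX}.9.0", "0.0.2.255"))    # entry from the question
    print(third_octets(f"{PREFIX}.8.0", "0.0.3.255"))    # the wider mask
    print(third_octets(f"{PREFIX}.33.0", "0.0.30.255"))  # second entry
    for host in ("32.7", "33.7", "48.1", "63.254", "64.1"):
        print(host, first_match(TWO_STATEMENTS, f"{PREFIX}.{host}"))
```

The last host shows the implicit deny that ends every ACL: traffic that matches no entry is dropped as well.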
