
Are the following ACL entries valid?

On a class B network several of the third octets are already in use. They have been allocated in an ad hoc fashion so I do not have contiguous entries lining up on bit boundaries.

Are the following ACL entries valid to block these network ranges?
access-list 20 deny ip x.x.9.0 to block 9, 10 and 11 (8 is already allocated)
access-list 20 deny x.x.33.0 to block from 33 to 63 (again, 32 has been allocated)

The first access list will only block the 9 and 11 subnets. You need to add one statement in access-list 20 for the '10' subnet. If you use wildcard mask as four subnets i.e., 8 to 11 will be blocked, which is not desired as 8 is already allocated.

The second access list will block all odd subnets starting from 33 to 63. To block 33 to 63 with 32 permitted, I would suggest one statement permitting the '32' subnet and then using a wildcard mask. The packet for the '32' subnet will be permitted first, and the access list will not be checked after a match is made. All other packets for other subnets will be dropped. This way you will achieve this in just two statements instead of 14 or so statements.

This was last published in December 2003
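The wildcard behaviour described in the answer, as an added example that is not part of the original question or answer. The wildcard masks did not survive on this page, so the masks below (0.0.2.255, 0.0.3.255, 0.0.30.255, 0.0.31.255) and the 172.16 prefix standing in for x.x are assumptions chosen to reproduce the results the answer describes.

```python
import ipaddress

PREFIX = "172.16"  # constructed stand-in for the page's "x.x"


def wildcard_match(addr, base, wildcard):
    """Cisco-style test: bits set to 1 in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)


def matched_third_octets(base, wildcard):
    """Third-octet values N for which a host in PREFIX.N.0/24 matches the entry."""
    return [n for n in range(256)
            if wildcard_match(f"{PREFIX}.{n}.1", base, wildcard)]


def first_match(acl, addr):
    """Walk the entries top-down and stop at the first match.

    A packet matching no entry hits the implicit deny at the end of the list.
    """
    for action, base, wildcard in acl:
        if wildcard_match(addr, base, wildcard):
            return action
    return "deny"


def denied_third_octets(acl, low, high):
    """Third octets in [low, high] whose hosts the ACL denies."""
    return [n for n in range(low, high + 1)
            if first_match(acl, f"{PREFIX}.{n}.1") == "deny"]


# Assumed two-statement list: permit 32 first, then deny the 32-63 block.
TWO_STATEMENT_ACL = [
    ("permit", f"{PREFIX}.32.0", "0.0.0.255"),
    ("deny", f"{PREFIX}.32.0", "0.0.31.255"),
]

if __name__ == "__main__":
    # Assumed masks; each line shows which third octets the entry covers.
    print("9.0  0.0.2.255  ->", matched_third_octets(f"{PREFIX}.9.0", "0.0.2.255"))
    print("8.0  0.0.3.255  ->", matched_third_octets(f"{PREFIX}.8.0", "0.0.3.255"))
    print("33.0 0.0.30.255 ->", matched_third_octets(f"{PREFIX}.33.0", "0.0.30.255"))
    print("two-statement ACL denies:", denied_third_octets(TWO_STATEMENT_ACL, 32, 63))
```

A wildcard can only ignore whole bit positions, which is why a base of 9 cannot cover 10 without also covering 8, and why a base of 33 with the low bit fixed reaches only odd values.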
