Access how would I write this out access list

thomas130thomas130 Member Posts: 184
in CCNA & CCENT
I was wondering could someone show me how you would write an access list to stop any ip under the ip address please not this would be a class c address 192.168.3.127 from taking to another network for example 192.168.70.0.

Then let anyone greater than 192.168.3.127 access ftp to 192.168.70.0

Any help would be great I have been able to write other access list just not sure how you write one to stay if an ip address is under this do that etc
· Share on FacebookShare on Twitter

Comments

  • NeekoNeeko Member Posts: 170
    Assuming the destination is a class C subnet...

    deny ip 192.168.3.0 0.0.0.127 192.168.70.0 0.0.0.255

    permit tcp 192.168.3.128 0.0.0.127 192.168.70.0 0.0.0.255 eq ftp

    Consider that the deny or permit statement at the end of the list will mean one of the two entries may not be necessary.
    · Share on FacebookShare on Twitter
  • thomas130thomas130 Member Posts: 184
    Don't I need a statement saying if lt is less than 192.168.3.127 I believe it's lt for less than
    · Share on FacebookShare on Twitter
  • NeekoNeeko Member Posts: 170
    192.168.3.0 0.0.0.127 means IP addresses 192.168.3.1 - 192.168.3.127, which is what the first statement outlines.

    Do you mean you do not want .127 included, so just 126 and below? If so I think you may need to do some reading on wildcard masks because its not as simple as just saying 'less than 127'.
    · Share on FacebookShare on Twitter
  • billscott92787billscott92787 Member Posts: 933
    Neeko posted the correct statement to imply what exactly you were saying. The 192.168.3.0 0.0.0.127 denies any ip from 192.168.3.1 - 192.168.3.127, the next statement permits anything from .128 - .255
    · Share on FacebookShare on Twitter
Sign In or Register to comment.