[tclug-list] Cisco ACL help

[Erik Anderson]

On 5/15/07, G J <iipreca at hotmail.com> wrote:
> This obviously isn't totally linux related but I was wondering if you guys
> could shed any light for me.
> I am currently working on a cisco 2600 router and I am not sure of the IOS
> version off the top of my head. I am trying to configure Access Control
> Lists and I need to specify a range of IP addresses, basically I'm splitting
> a subnet in half so I need to be able to filter the top half from the bottom
> half. Any help would be greatly appreciated.


With the lack of specific details, it's hard to give an example I know
will be of use to you, but here - I'll propose a simple example and
you should be able to extrapolate...

Let's say you have 192.168.0.0/24 and you want to split it into two
halves.  You'd do something like this:

ip access-list standard list1
  permit 192.168.0.0 0.0.0.127

ip access-list standard list2
 permit 192.168.0.128 0.0.0.127

this would give you the following two subnets:
192.168.0.1 -> 192.168.0.126
and
192.168.0.129 -> 192.168.0.254

As you can see, inverse subnet masks are used in these ACLs.  The
"standard" subnet mask for these is 255.255.255.128.

By the way, this site incredibly valuable for this sort of thing:
http://www.subnetmask.info/

HTH.

-erik