[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Access list



Title: Access list

Hi all,

I assume that if I enter this access-list command below, it should block traffic from 192.168.33.50 - 192.168.33.58,

!
interface ethernet 0
ip access-group 101 out
!
access-list 101 deny ip 192.168.33.50 0.0.0.8 any
access-list 101 permit ip any any
!

but on the contrary it shows up in the 'sh config' as, that is counting backwards from the 50 I specified to mean 192.168.33.42 - 192.168.33.50

!
interface ethernet 0
ip access-group 101 out
!
access-list 101 deny ip 192.168.33.42 0.0.0.8 any
access-list 101 permit ip any any
!


And even after doing that, it blocks traffic only from .42 and .50 (that is the first and the last). Can anyone explain the usage better? That is, how exactly can I use access-lists to deny communication with another ip

Thanks

O.