A tricky question that I haven't been able to figure out (yet)
- there's a VLAN 30 with /25 subnet mass, with IPs ranging in 192.168.30.X
- I'm supposed to create a standard access list with the least number of entries possible
this access list will be applied to line vty 0 4 inbound to allow only ssh from the IP sources listed -
access control limited to only IP addresses ranging from 192 .168.30.245 to . 254
-
instead of typing all the IP addresses individually, what would be the shortlist ACL list possible with the least entries?
I have tried the following combination, it didn't work
access-list 1 permit 192.168.30.240 0.0.0.16
access-list 1 deny 192.168.30.240 0.0.0.3
and i tried reversing the order
access-list 1 deny 192.168.30.240 0.0.0.3
access-list 1 permit 192.168.30.240 0.0.0.16
doesn't work either.
the moment i enabled the command
SW(config)#line vty 0 4
SW(config-line)#access-class 1 in
i can't ssh in from 192.168.30.252 or 192.168.30.253 anymore ( i can ssh in if i don't apply the access-list to the line vty 0 4)
could someone pls help me to figure out what i did wrong?
No comments:
Post a Comment