I tried 0.0.0.119 in Packet Tracer and there are a lot of addresses in the range from 172.22.75.8 - 172.22.75.127 that aren't denied and addresses not in this range that are denied but should have been allowed. The ACL consisted of the following:
access-list 10 deny 172.22.75.0 0.0.0.119
access-list 10 permit 172.22.75.0 0.0.0.255
Did you try it yourself in Packet Tracer? I think it has to be done with multiple statements.
Yeah, it won't work for any address that does not need the "8" to be added in binary.
For instance: 16-23 since 16 =00010000 then the "8" can't always be "on" or a 1 because it has to be a zero to make 16.... Right?
So that means, 16-23 would be allowed through.
So 00011000 = 24, which would be the next denied address.
So 24-31 would be the next denied addresses.
32= 00100000 and if the "8" is on or a 1 = 00101000 =40
so 32-39 would not be denied.
I would also like to thank you two for helping me with this problem.
Yes, I was wrong. You cannot deny that range of addresses without using multiple statements. Setting the mask to 119 as I previously stated forces the 4th bit to be in every source address, which causes the issues above. Also, setting the mask to 120 causes the other issue I alluded to in previous posts.
I apologize, I didn't do my due diligence. The only way I can see to match those addresses is with the following wildcard mask: 01111111. If your source address is 172.22.75.8 and mask is 0.0.0.127, that will match all addresses in that range, but it will also deny the 172.22.75.1 - 172.22.75.7 addresses.
I apologize if I caused you further headache; I know my head hurts a little bit.
@Sambotech12: Thanks for pointing that out.
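
The bit arithmetic discussed in this thread, as an added example (not code from any poster): a small Python matcher for IOS-style wildcard masks that lists which last octets in 172.22.75.0 - 172.22.75.255 a single entry matches, and splits 172.22.75.8 - 172.22.75.127 into aligned blocks with one ACL entry per block. The helper names are illustrative, and the `access-list 10` lines it prints follow the format used in the first post.

```python
import ipaddress

PREFIX = "172.22.75."  # network from the thread

def wildcard_matches(base, wildcard, addr):
    """IOS-style test: wildcard bits set to 1 are ignored, bits set to 0 must equal base."""
    b, w, a = (int(ipaddress.IPv4Address(x)) for x in (base, wildcard, addr))
    care = ~w & 0xFFFFFFFF  # bits that must match exactly
    return (a & care) == (b & care)

def matched_hosts(base, wildcard):
    """Last octets in 172.22.75.0-255 that a single entry matches."""
    return [h for h in range(256) if wildcard_matches(base, wildcard, f"{PREFIX}{h}")]

def range_to_entries(first, last):
    """Split an inclusive range into aligned blocks, one (base, wildcard) pair per block."""
    nets = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
    return [(str(n.network_address), str(n.hostmask)) for n in nets]

def runs(hosts):
    """Compress a sorted list of ints into 'a-b' strings for display."""
    out, start = [], None
    for i, h in enumerate(hosts):
        if start is None:
            start = h
        if i + 1 == len(hosts) or hosts[i + 1] != h + 1:
            out.append(f"{start}-{h}")
            start = None
    return out

if __name__ == "__main__":
    # Single-entry attempts from the thread: show exactly what each one matches.
    for base, wc in [("172.22.75.0", "0.0.0.119"), ("172.22.75.8", "0.0.0.119"),
                     ("172.22.75.8", "0.0.0.127")]:
        print(base, wc, "matches", runs(matched_hosts(base, wc)))
    # Multiple statements that together cover exactly .8 through .127.
    for base, wc in range_to_entries("172.22.75.8", "172.22.75.127"):
        print(f"access-list 10 deny {base} {wc}")
    print("access-list 10 permit 172.22.75.0 0.0.0.255")
```

Running it prints the matched ranges for each single-entry attempt, followed by four deny entries and the final permit.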