Re: Appletalk includes and within

From: John Conzone (jkconzone@xxxxxxxx)
Date: Sun Oct 01 2000 - 18:26:53 GMT-3

• Next message: Steve McNutt: "RE: Appletalk includes and within"
• Previous message: Kirk Bollinger: "Re: Appletalk includes and within"
• Maybe in reply to: Kirk Bollinger: "Appletalk includes and within"
• Next in thread: Steve McNutt: "RE: Appletalk includes and within"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
    Kirk, thats a good question, the answer to which I don't know.
I just read the IOS command reference, and it says:

"To define an AppleTalk access list for an extended or a nonextended network
whose network number or cable range is included entirely within the
specified cable range, use the access-list within command in global
configuration mode. To remove this access list, use the no form of this
command."

    To me that means that it should include the begginning and ending cable
range, which would make the second statement wrong. But honestly I'm not
sure. Usually the DOC is rihgt, so I'd have to configure in my lab. I'll try
it tommorow, unless you can do it now, or anyone else knows for sure.

----- Original Message -----
From: "Kirk Bollinger" <kirk@thebollingers.net>
To: "John Conzone" <jkconzone@home.com>
Cc: <ccielab@groupstudy.com>
Sent: Sunday, October 01, 2000 2:07 AM
Subject: Re: Appletalk includes and within

> That makes sense but I don't understand the second example
>
> !do not permit pkts to be routed from networks 991 through 995
> access-l 601 permit within 991-995
>
> 1) is this just a typo on the DOC CD?
> 2) are the ranges inclusive or exclusive ie. will 991 OR 995 be permitted
> 3) Why dows the DOC say this denies 991 through 995??
>
> -Kirk
>
>
> On Sun, 1 Oct 2000, John Conzone wrote:
>
> > Kirk, the "includes" statement means that if any part of the cable
range
> > matches the include statement, permit or deny accordingly.
> >
> > Access-list 601 permit includes 970-990, means that a cable range of
975-995
> > will match (be permitted in this case) because the statement INCLUDES
> > networks in that range. If ANY network in the cable range matches what
is
> > specified with INCLUDE, then the whole cable range passes and the
applicable
> > conditon will be set. (permit or deny)
> >
> > Within means that the whole cable range must be within the range
> > specified in the statement.
> >
> > Access-list 601 permit within 970-990, means that the same cable range
of
> > 975-995 will NOT match because all networks in 975-990 do not fall
WITHIN
> > the range specified. A cable range of 975-985 would macth.
> >
> > Hope this helps.
> >
> > ----- Original Message -----
> > From: "Kirk Bollinger" <kirk@thebollingers.net>
> > To: <ccielab@groupstudy.com>
> > Sent: Sunday, October 01, 2000 1:31 AM
> > Subject: Appletalk includes and within
> >
> >
> > > Can someone shed some more light on the Appletalk access-list options
> > > include and within?
> > >
> > > >From the Cisco doc here is an example:
> > >
> > > !do not permit pkts to be routed from networks 970-990
> > > access-list 601 deny includes 970-990
> > >
> > > and then
> > >
> > > !do not permit pkts to be routed from networks 991 through 995
> > > access-l 601 permit within 991-995
> > >
> > > I just don't get it!
> > >
> > > Thanks!
> > > -Kirk
> > > 10 days left
> > >

• Next message: Steve McNutt: "RE: Appletalk includes and within"
• Previous message: Kirk Bollinger: "Re: Appletalk includes and within"
• Maybe in reply to: Kirk Bollinger: "Appletalk includes and within"
• Next in thread: Steve McNutt: "RE: Appletalk includes and within"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:25:22 GMT-3