From: Erick B. (erickbe@xxxxxxxxx)
Date: Sun Oct 01 2000 - 19:07:03 GMT-3
It is inclusive. I looked it up in "Cisco IOS
Solutions For Network Protocols Volume II. IPX,
AppleTalk, and More" - Pages 107-109 or so... Appears
there may be a error in the reference he is using.
The following example permits cable ranges in the
range 10-20. For example, 13 to 16 is permitted but 17
to 25 is not. The second line permits all other
packets.
access-list 600 permit within 10-20
access-list 600 permit other-access
HTH, Erick
--- John Conzone <jkconzone@home.com> wrote:
> Kirk, thats a good question, the answer to which
> I don't know.
> I just read the IOS command reference, and it says:
>
> "To define an AppleTalk access list for an extended
> or a nonextended network
> whose network number or cable range is included
> entirely within the
> specified cable range, use the access-list within
> command in global
> configuration mode. To remove this access list, use
> the no form of this
> command."
>
> To me that means that it should include the
> begginning and ending cable
> range, which would make the second statement wrong.
> But honestly I'm not
> sure. Usually the DOC is rihgt, so I'd have to
> configure in my lab. I'll try
> it tommorow, unless you can do it now, or anyone
> else knows for sure.
>
>
> ----- Original Message -----
> From: "Kirk Bollinger" <kirk@thebollingers.net>
> To: "John Conzone" <jkconzone@home.com>
> Cc: <ccielab@groupstudy.com>
> Sent: Sunday, October 01, 2000 2:07 AM
> Subject: Re: Appletalk includes and within
>
>
> > That makes sense but I don't understand the second
> example
> >
> > !do not permit pkts to be routed from networks 991
> through 995
> > access-l 601 permit within 991-995
> >
> > 1) is this just a typo on the DOC CD?
> > 2) are the ranges inclusive or exclusive ie. will
> 991 OR 995 be permitted
> > 3) Why dows the DOC say this denies 991 through
> 995??
> >
> > -Kirk
> >
> >
> > On Sun, 1 Oct 2000, John Conzone wrote:
> >
> > > Kirk, the "includes" statement means that if
> any part of the cable
> range
> > > matches the include statement, permit or deny
> accordingly.
> > >
> > > Access-list 601 permit includes 970-990, means
> that a cable range of
> 975-995
> > > will match (be permitted in this case) because
> the statement INCLUDES
> > > networks in that range. If ANY network in the
> cable range matches what
> is
> > > specified with INCLUDE, then the whole cable
> range passes and the
> applicable
> > > conditon will be set. (permit or deny)
> > >
> > > Within means that the whole cable range must
> be within the range
> > > specified in the statement.
> > >
> > > Access-list 601 permit within 970-990, means
> that the same cable range
> of
> > > 975-995 will NOT match because all networks in
> 975-990 do not fall
> WITHIN
> > > the range specified. A cable range of 975-985
> would macth.
> > >
> > > Hope this helps.
> > >
> > > ----- Original Message -----
> > > From: "Kirk Bollinger" <kirk@thebollingers.net>
> > > To: <ccielab@groupstudy.com>
> > > Sent: Sunday, October 01, 2000 1:31 AM
> > > Subject: Appletalk includes and within
> > >
> > >
> > > > Can someone shed some more light on the
> Appletalk access-list options
> > > > include and within?
> > > >
> > > > >From the Cisco doc here is an example:
> > > >
> > > > !do not permit pkts to be routed from networks
> 970-990
> > > > access-list 601 deny includes 970-990
> > > >
> > > > and then
> > > >
> > > > !do not permit pkts to be routed from networks
> 991 through 995
> > > > access-l 601 permit within 991-995
> > > >
> > > > I just don't get it!
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:25:22 GMT-3