RE: selecting based on SN-mask in ACL

From: Gregory W. Posey Jr. (gposey@xxxxxxxxxxx)
Date: Thu Aug 02 2001 - 09:24:24 GMT-3

• Next message: OCTAVIO RODRIGUEZ MARTIN: "Is it possible to do something like policy routing with a PIX firewall?"
• Previous message: Markus Kut: "Re: Filter connected interface in IGRP"
• Maybe in reply to: SPIKKER,FRED (HP-Netherlands,ex1): "selecting based on SN-mask in ACL"
• Next in thread: Ademola Osindero: "Re: selecting based on SN-mask in ACL"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
The host 255.255.255.255 is to deny broadcasts (All 1's)

Thank you,
Greg Posey Jr.
CONECTS Network Analyst
CCNP - Security Specialist
Cisco Voice Access Specialist
313-875-2088 ext. 347
www.conects.com

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
Bruno Poussard
Sent: Thursday, August 02, 2001 5:22 AM
To: ccielab@groupstudy.com
Subject: RE: selecting based on SN-mask in ACL

An extended access-list in a route-map (or a suppress-map which is a kind of
route-map) is used like this :

Source@ip + Source Wilcard = Network@ip + wildcard
Destination@ip + Destination Wildcard = Subnet + wildcard from previously
network

In your case the first part is Network@ip + wildcard = 0.0.0.0
255.255.255.255 and the 2nd part is Subnet + wildcard = 255.255.255.255
0.0.0.0
That is any network or host with a mask of exactly 255.255.255.255

Try to see if it does make sense in your lab

Bruno #6424

-----Message d'origine-----
De : nobody@groupstudy.com [mailto:nobody@groupstudy.com]De la part de
SPIKKER,FRED (HP-Netherlands,ex1)
Envoyi : jeudi 2 ao{t 2001 10:49
@ : ccielab@groupstudy.com
Objet : selecting based on SN-mask in ACL

Hi all,

When looking at suppress maps for BGP, I ran into an ACL-line that I find
hard to understand (though it works!).
Can anyone try to explain this to me?

"access-list 110 deny ip any host 255.255.255.255"

I would translate it into english like: "deny from any source to a host with
dest. ip address 255.255.255.255."

Apparently, it should be something like: " deny any source with SN mask of
255.255.255.255"

I could learn this line by heart for implementing suppress maps, but rather
understand what I'm doing..

So please let me know.

Thanks!

Fred.
**Please read:http://www.groupstudy.com/list/posting.html
**Please read:http://www.groupstudy.com/list/posting.html
**Please read:http://www.groupstudy.com/list/posting.html

• Next message: OCTAVIO RODRIGUEZ MARTIN: "Is it possible to do something like policy routing with a PIX firewall?"
• Previous message: Markus Kut: "Re: Filter connected interface in IGRP"
• Maybe in reply to: SPIKKER,FRED (HP-Netherlands,ex1): "selecting based on SN-mask in ACL"
• Next in thread: Ademola Osindero: "Re: selecting based on SN-mask in ACL"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:31:43 GMT-3