From: David (david_knot@xxxxxxxxx)
Date: Sat Dec 08 2001 - 04:07:43 GMT-3
Problem with 0.0.255.255 is that it would allow other
nets (e.g. 141.2.4.0 etc) to sneak pass as well. This
is something that may not be desired so I'd pratice
caution & allow only what is asked for.
--- Wade Edwards <wade.edwards@powerupnetworks.com>
wrote:
> You are correct. I didn't notice the first octet
> was different.
>
> So it would be better to utilize the three lines.
>
> Now with the 0.0.0.0 vs 0.0.255.255. It would work
> with 0.0.0.0 for
> routing but I usually put the correct wildcard mask
> so I know what the
> line will do and what I am trying to permit or deny.
>
> Just my way of doing it.
>
> L8r
>
> -----Original Message-----
> From: SFeldberg@edeltacom.com
> [mailto:SFeldberg@edeltacom.com]
> Sent: Friday, December 07, 2001 12:46 PM
> To: Wade Edwards
> Cc: ccielab@groupstudy.com; Courtney Alexander
> Foster; David;
> nobody@groupstudy.com
> Subject: RE: Filtering & Wildcard
>
>
> Wade,
>
> Your example only permits
>
> 140.1.0.0
> 140.2.0.0
> 140.3.0.0
>
> That was not the requirement. It seems that there
> is no way to
> summarize
>
> 140.1.0.0/16
> 141.2.0.0/16
> 142.3.0.0/16
>
> in less than 3 statements, but that was not the
> question. (we're all so
> eager to offer solutions, we don't read the
> question!) The original
> question was regarding the mask- 0.0.0.0 vs.
> 0.0.255.255. My
> understanding
> is that 0.0.0.0 will only permit the 3 network
> addresses explicitly
> defined, while 0.0.0.255 will permit
> network/host/broadcast addresses
> 140.1.0.0 - 140.1.255.255, 141.2.0.0 -
> 141.2.255.255, and 142.3.0.0 -
> 142.3.255.255. That would make 0.0.0.0 more
> applicable for route
> filtering, 0.0.255.255 applicable for traffic
> filtering.
>
> Steve
>
>
>
>
> "Wade Edwards"
>
> <wade.edwards@powerupnet
> To: "Courtney
> Alexander Foster" <cfoster@cnr.edu>, "David"
> works.com>
> <david_knot@yahoo.com>, <ccielab@groupstudy.com>
>
> Sent by:
> cc:
>
> nobody@groupstudy.com
> Subject: RE:
> Filtering & Wildcard
>
>
>
>
> 12/07/2001 01:32 PM
>
> Please respond to "Wade
>
> Edwards"
>
>
>
>
>
>
>
>
>
> Actually it should be:
> access-list 1 deny 140.0.0.0 0.0.255.255
> access-list 1 permit 140.0.0.0 0.3.255.255
>
> He only wanted 1, 2 and 3.
>
> L8r.
> -----Original Message-----
> From: Courtney Alexander Foster
> [mailto:cfoster@cnr.edu]
> Sent: Friday, December 07, 2001 11:44 AM
> To: David; ccielab@groupstudy.com
> Subject: RE: Filtering & Wildcard
>
> 140.0.0.0 0.3.255.255
>
> -----Original Message-----
> From: David
> Sent: Fri 12/7/2001 12:04 PM
> To: ccielab@groupstudy.com
> Cc:
> Subject: Filtering & Wildcard
>
>
>
> Guys
>
> If u are asked to allow say 3 routes
> (140.1.0.0,
> 141.2.0.0 & 142.3.0.0) in to your rack
> from a
> backbone. What type of wildcard would you
> use in ur
> ACL. Would the following be the best?
>
> access-list 1 permit 140.1.0.0 0.0.0.0
> access-list 1 permit 141.2.0.0 0.0.0.0
> access-list 1 permit 142.3.0.0 0.0.0.0
>
> OR:
>
> access-list 1 permit 140.1.0.0
> 0.0.255.255
> access-list 1 permit 141.2.0.0
> 0.0.255.255
> access-list 1 permit 142.3.0.0
> 0.0.255.255
>
> ?
>
> Thanks
>
>
>
>
>
>
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:32:40 GMT-3