RE: Complex Access-list

From: Wu, Sean (sean.wu@xxxxxxxxxxxxxx)
Date: Tue Feb 19 2002 - 11:45:47 GMT-3

• Next message: Church, Chuck: "RE: help w/demand circuit for x^99999 time"
• Previous message: Jim Newton: "RE: That Old OSPF-IGRP Problem"
• Maybe in reply to: Kang BS: "Complex Access-list"
• Next in thread: Brian McGahan: "Re: Complex Access-list"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
I have a dumn question here.

In your access-list 100, does 200.0.3.0 0.255.0.255 take care of network
portion, and 255.255.255.0 0.0.0.128 takes care of mask portion?

This is different from what access-list looks like normally. I thought the
2nd portion "255.255.255.0 0.0.0.128" takes care of destination address
only.

Could anybody clarify this for me

thanks.

Sean Wu

-----Original Message-----
From: Bogus [mailto:ccie@cns-hawaii.com]
Sent: Monday, February 18, 2002 12:48 AM
Cc: ccielab@groupstudy.com
Subject: RE: Complex Access-list

By far, I think your answer is the most accurate of them all, the only thing
that I would have done to it is -

access-list 100 permit ip 200.0.3.0 0.255.0.255 255.255.255.0 0.0.0.128
That way he can get the some of the other subnets in his fourth octect.

Stanford

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
Brian McGahan
Sent: Sunday, February 17, 2002 6:53 PM
To: Sandro Ciffali; Carolyn Camarda; Kang BS
Cc: ccielab@groupstudy.com
Subject: Re: Complex Access-list

if you want to advertise 200.x.3.0, where x is any number, this would
include 200.6.3.0/25.

If you are trying to match:
200.3.3.0/24
200.4.3.0/24
200.6.3.0/25

your list should read: access-list 100 permit ip 200.0.3.0 0.255.0.0
255.255.255.0 0.0.0.128 if you X is any number.

An even more specific match to these 5 networks would be: access-list 100
permit ip 200.0.3.0 0.7.0.0 255.255.255.0 0.0.0.128

It depends how specific a range you're trying to match though. The above
list will only allow prefix lengths of /24 and /25

HTH

Brian McGahan
CCIE #8593
brian@cyscoexpert.com

CyscoExpert Corporation
Internetwork Consulting & Training
http://www.cyscoexpert.com
Voice: 847.674.3392
Fax: 847.674.2625

**************************************************************************
The information transmitted herewith is sensitive information intended only
for use by the individual or entity to which it is addressed. If the reader
of this message is not the intended recipient, you are hereby notified that
any review, retransmission, dissemination, distribution, copying or other
use of, or taking of any action in reliance upon this information is
strictly prohibited. If you have received this communication in error,
please contact the sender and delete the material from your computer.

• Next message: Church, Chuck: "RE: help w/demand circuit for x^99999 time"
• Previous message: Jim Newton: "RE: That Old OSPF-IGRP Problem"
• Maybe in reply to: Kang BS: "Complex Access-list"
• Next in thread: Brian McGahan: "Re: Complex Access-list"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 20 2002 - 13:46:27 GMT-3