Re: Access list wildcard mask

From: BEDA jain (bedup@xxxxxxxxxxx)
Date: Tue Mar 26 2002 - 13:59:06 GMT-3

• Next message: Giveortake@xxxxxxx: "OSPF Authentication"
• Previous message: Wright, Jeremy: "RE: OSPF P bit"
• Maybe in reply to: yakout esmat: "Access list wildcard mask"
• Next in thread: Manny Gonzalez: "Re: Access list wildcard mask"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
access-list 10 deny 198.5.48.0 0.0.2.255 this will block 48,49 and 50
access-list 10 deny 198.5.60.0 0.0.3.255 this will block 60,61,62,63
access-list 10 permit 198.5.48.0 0.0.14.255 this will permit all even in
48 - 64 but you already block 48,49,50,60-63.

if you need odd to prmit then do access-list 10 permit 198.5.49.0
0.0.14.255

rest will be implicit deny

try this and please let me know. i would like to know whether this works
or not.

BEDA PRAKASH JAIN Apartment address 1116 woodway bluff circle cary,nc
27513 9196789188 res 9193922891 work 9195220242 cell >From: Manny
Gonzalez >Reply-To: Manny Gonzalez >To: yakout esmat >CC:
ccielab@groupstudy.com >Subject: Re: Access list wildcard mask >Date:
Tue, 26 Mar 2002 09:01:05 -0500 > >Yakout, > >Sort of. You got lucky and
only those went through... but your access >list / wildcard combo (the
bottom one) also will allow > >1.1.2.1, 1.1.2.2, 1.1.2.3, .... snip ....
200.200.200.1, 200.200.200.2, >etc. etc. etc. > >I mean, every single
address in the first two octets, every even >numbered subnet in the third
octet and every single subnet in the last >octet (this assumes we are
talking about subnets... it can also work for >hosts... it all depends.
So let's assume we are in a vacuum :-)) > >The biggest problem is that
your range falls inside bit boundaries and >it is kind of difficult to
lock it down exactly. You could get away with >the following: >
>access-list 10 deny 198.5.0.0 0.0.31.255 >access-list 10 deny 198.5.32.0
0.0.15.255 >access-list 10 deny 198.5.48.0 0.0.3.255 >access-list 10 deny
198.5.60.0 0.0.3.255 >access-list 10 deny 198.5.64.0 0.0.63.255
>access-list 10 deny 198.5.128.0 0.0.127.255 >access-list 10 permit
198.5.0.0 0.0.254.255 > >This locks it in perfectly... There may be a
more efficient way and >someone will chime in with it if there is. But
this way you can >appreciate the difficulty of doing ranges that fall way
outside bit >boundaries. > >Manny Gonzalez >#9013 > > >yakout esmat
wrote: > > > > Hi all, > > > > I am still having problems with coming up
with generic wildcard mask for > > blocking odd or even networks, my
example: > > > > allow only even networks from 198.5.51.0/24 to
198.5.59.0/24 > > > > I tried the following: > > > > access-list 10
permit 198.5.1.0 0.0.254.255 which should permit odd (no > > success) > >
> > access-list 10 permit 198.5.0.0 0.0.254.255 which should permit even
(no > > success) > > > > access-list 10 permit 0.0.0.0 255.255.254.255
should permit even (IT WORKS) > > > > The way I see it, the concept is
just the same in all the above examples, > > why last one works and not
the others. > > > > Appreciate your input > > > > Ya > >

• Next message: Giveortake@xxxxxxx: "OSPF Authentication"
• Previous message: Wright, Jeremy: "RE: OSPF P bit"
• Maybe in reply to: yakout esmat: "Access list wildcard mask"
• Next in thread: Manny Gonzalez: "Re: Access list wildcard mask"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:57:22 GMT-3