From: Louis Krucker (lkrucker@xxxxxxxxxxxxxx)
Date: Sat Mar 30 2002 - 04:41:26 GMT-3
John, I think your solution is OK.
I am also working on that topic.
To permit the even networks in the
129.45.80.0/24 range,
my solution is:
access-list 1 permit 129.45.80.0 0.0.0.254 (permit all-even)
But if I need to permit the odd-numbered networks, how can I do that?
access-list 1 perm 129.45.80.1 0.0.0.252 (permit all-odd)
Am I right?
Regards,
Louis
-----Original Message-----
From: Jens Niklaus Fischer, IKOM Kommunikations- und Unternehmensberatung
[mailto:jfischer@ikom.ch]
Sent: Friday, 29 March 2002 13:33
To: lkrucker@swissonline.ch
Subject: ACL Mask Sanity Check
A lab that I'm working on asks me to create the following
access list:
"Allow IP traffic from odd-numbered hosts on the
172.16.80.128/25 network."
My reasoning is this: since we want to match odd-numbered
hosts the access-list should contain the first odd-numbered
host and then the proper inverse mask:
access-list 100 permit ip 172.16.80.129 0.0.0.126 any
I use .126 because we want to match on 129, which in binary is
10000001. Invert this and it becomes 01111110, meaning we want
exact matches of 1 on the first and last bits and we don't care
about what's in the middle.
Now, the solution for the scenario has the following:
access-list 100 permit ip 172.16.80.129 0.0.0.129 any
I think they're accidentally using a non-inverted mask, but I
wanted to run this past you guys just as a sanity check. I'm
getting punch-drunk from studying so much lately.
I *hate* this type of access list question. Who in their right
mind would ever do something this stupid?? :-) "If you're an
even-numbered host, we don't trust you, but if you're an odd-
numbered host we'll let you go anywhere!"
Thanks,
John
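An added example, not part of the thread: it enumerates which last octets each address/wildcard pair quoted above matches, assuming standard Cisco wildcard semantics (a 0 bit in the wildcard must equal the base address, a 1 bit is ignored). The names `acl_matches`, `matched_last_octets` and `summarize` are hypothetical helpers written for this check.

```python
import ipaddress

def acl_matches(base: str, wildcard: str, addr: str) -> bool:
    """Cisco wildcard semantics: 0 bits must equal the base, 1 bits are ignored."""
    b, w, a = (int(ipaddress.IPv4Address(x)) for x in (base, wildcard, addr))
    care = ~w & 0xFFFFFFFF          # bits the entry actually compares
    return (a & care) == (b & care)

def matched_last_octets(base: str, wildcard: str, network: str) -> list[int]:
    """Last octet of every address in `network` that the entry matches."""
    return [int(ip) & 0xFF for ip in ipaddress.ip_network(network)
            if acl_matches(base, wildcard, str(ip))]

# The four address/wildcard pairs quoted in the thread, with the range each
# was written for.
ENTRIES = [
    ("172.16.80.129", "0.0.0.126", "172.16.80.128/25"),
    ("172.16.80.129", "0.0.0.129", "172.16.80.128/25"),
    ("129.45.80.0",   "0.0.0.254", "129.45.80.0/24"),
    ("129.45.80.1",   "0.0.0.252", "129.45.80.0/24"),
]

def summarize(octets: list[int]) -> str:
    """Count of matches, odd/even split, and the first few matched octets."""
    odd = sum(o & 1 for o in octets)
    head = ", ".join(map(str, octets[:6])) + (", ..." if len(octets) > 6 else "")
    return f"{len(octets):3d} matched ({odd} odd, {len(octets) - odd} even): {head}"

if __name__ == "__main__":
    for base, wildcard, network in ENTRIES:
        octets = matched_last_octets(base, wildcard, network)
        print(f"{base} {wildcard} in {network}: {summarize(octets)}")
```

Running the same enumeration before applying an ACL with a non-contiguous wildcard shows exactly which sources it admits, including the network and broadcast addresses of the range.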
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:57:26 GMT-3