From: Robert Miller (rmiller@xxxxxxxxxxxx)
Date: Mon Apr 22 2002 - 15:19:35 GMT-3
David,
You are denying a source that includes every subnet
on the 182.0.0.0 network. You need to permit the
individual subnets first, then deny the supernet,
then permit any.
When you use the standard access-list,
it only denys the one address you have listed.
In this case it is 182.0.0.0, all other addresses
on the 182.x.x.x network would be allowed.
Later...
Robert Miller
---- David Wakeman <David.Wakeman@damovo.com> wrote:
> Hi group
>
>
>
> I have just read in the Cisco Field Config guide
pg.312 that to filter a
> supernet without losing subnets you need to use
extended access-list.
>
>
>
> You have to use the destination part as the
supernet mask. I tried this
> and got no result.
>
>
>
> access-list 161 deny ip 182.0.0.0 0.255.255.255
host 255.0.0.0 log
>
> access-list 161 permit ip any any
>
>
>
> The next thing I tried was
>
>
>
> access-list 17 deny 182.0.0.0
>
> access-list 17 permit any
>
>
>
> and this worked it left the two subnets intact.
>
>
>
> 182.16.0.0/24 is subnetted, 1 subnets
>
> C 182.16.0.0 is directly connected,
FastEthernet0/0
>
> 182.182.0.0/16 is variably subnetted, 2
subnets, 2 masks
>
> R 182.182.0.0/16 [120/1] via 182.16.0.6,
00:00:25, FastEthernet0/0
>
> R 182.182.182.0/24 [120/1] via 182.16.0.6,
00:00:25,
> FastEthernet0/0
>
>
>
> Hope this makes sense to somebody, if so can they
explain ?
>
>
>
> Regards,
>
>
>
> David Wakeman
>
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:58:16 GMT-3