From: Roberts, Larry (Larry.Roberts@xxxxxxxxxxxx)
Date: Fri May 31 2002 - 13:32:47 GMT-3
Can you tell us what your trying to do.
Access-lists use wildcard masks, not subnet masks ( unless your on a PIX,
that's a whole different story ! )
If you wanted to permit a specific IP ( 150.10.1.2 ) to go anyplace then you
would do:
Access-list 101 permit ip host 150.10.1.2 any
Or
Access-list 101 permit ip 150.10.1.2 0.0.0.0 any
Both are the same.
A 1 in the mask means I don't care, a 0 is an exact match.
The any is the same as saying:
X.x.x.x 255.255.255.255. Since you don't care ( 255 is all 1's ) the first
octect doesn't matter and will be re-written as
0.0.0.0 255.255.255.255 or "any"<-- most likely ( depends on code
version...)
Thanks
Larry
-----Original Message-----
From: Bruce Williams [mailto:bruce@williamsnetworking.com]
Sent: Friday, May 31, 2002 11:04 AM
To: Ccielab@Groupstudy. Com
Subject: access-list subnet mask mask
Can someone please tell me how to create an access-list that will specifiy
the exact size of the mask. I cannot remember how to do it and I cant find
it on CCO. It went something like this: access-lsit 101 permit ip 150.10.0.0
0.0.255.255 mask 255.255.0.0 0.0.255.255
Bruce Williams
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:59:13 GMT-3