From: Narvaez, Pablo (Pablo.Narvaez@xxxxxxxxxxxxx)
Date: Fri May 31 2002 - 14:05:16 GMT-3
I think what he is trying to do is to use an ACL to match the exact mask which
sometimes you just can't do with "normal"
ACLs.
>It went something like this: access-lsit 101 permit ip 150.10.0.0
>0.0.255.255 mask 255.255.0.0 0.0.255.255
>From this example, I think you can configure it like:
access-list 101 permit ip 150.10.0.0 0.0.255.255 host 255.255.0.0
or
access-list 101 permit ip host 150.10.0.0 host 255.255.0.0
Please correct me if wrong, and Bruce let us know how it goes.
Cheers,
hockito
-----Original Message-----
From: Roberts, Larry [mailto:Larry.Roberts@expanets.com]
Sent: Viernes, 31 de Mayo de 2002 11:33 a.m.
To: 'Bruce Williams'; Ccielab@Groupstudy. Com
Subject: RE: access-list subnet mask mask
Can you tell us what your trying to do.
Access-lists use wildcard masks, not subnet masks ( unless your on a PIX,
that's a whole different story ! )
If you wanted to permit a specific IP ( 150.10.1.2 ) to go anyplace then you
would do:
Access-list 101 permit ip host 150.10.1.2 any
Or
Access-list 101 permit ip 150.10.1.2 0.0.0.0 any
Both are the same.
A 1 in the mask means I don't care, a 0 is an exact match.
The any is the same as saying:
X.x.x.x 255.255.255.255. Since you don't care ( 255 is all 1's ) the first
octect doesn't matter and will be re-written as
0.0.0.0 255.255.255.255 or "any"<-- most likely ( depends on code
version...)
Thanks
Larry
-----Original Message-----
From: Bruce Williams [mailto:bruce@williamsnetworking.com]
Sent: Friday, May 31, 2002 11:04 AM
To: Ccielab@Groupstudy. Com
Subject: access-list subnet mask mask
Can someone please tell me how to create an access-list that will specifiy
the exact size of the mask. I cannot remember how to do it and I cant find
it on CCO. It went something like this: access-lsit 101 permit ip 150.10.0.0
0.0.255.255 mask 255.255.0.0 0.0.255.255
Bruce Williams
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:59:13 GMT-3