From: Jack.W.Parks@xxxxxxxxxx
Date: Tue Jun 04 2002 - 22:46:52 GMT-3
correct.
-----Original Message-----
From: Jonathan Natale
Sent: Tue 6/4/2002 11:16 PM
To: Bruce Williams; Narvaez, Pablo; Roberts, Larry;
Ccielab@Groupstudy. Com
Cc:
Subject: RE: access-list subnet mask mask
I think "ip prefix-list LIST seq 10 per 150.10.0.0/16" ==
"access-list 101 permit ip 150.10.0.0 0.0.0.0 255.255.0.0
0.0.0.0"
right?
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On
Behalf Of
Bruce Williams
Sent: Friday, May 31, 2002 2:04 PM
To: Narvaez, Pablo; Roberts, Larry; Ccielab@Groupstudy. Com
Subject: RE: access-list subnet mask mask
Your right I am trying to match the exact mask. I have the
answer. I already
knew about the prefix list solution, but I wanted to know how to
do it with
an access-list also.
Here it is.
Two ways to do this.
access-list 101 permit ip 150.10.0.0 0.0.255.255 host
255.255.0.0
or use a prefix list
ip prefix-list LIST seq 10 per 150.10.0.0/16
Bruce Williams
-----Original Message-----
From: Narvaez, Pablo [mailto:Pablo.Narvaez@getronics.com]
Sent: Friday, May 31, 2002 1:05 PM
To: Roberts, Larry; Bruce Williams; Ccielab@Groupstudy. Com
Subject: RE: access-list subnet mask mask
I think what he is trying to do is to use an ACL to match the
exact mask
which sometimes you just can't do with "normal"
ACLs.
>It went something like this: access-lsit 101 permit ip
150.10.0.0
>0.0.255.255 mask 255.255.0.0 0.0.255.255
From this example, I think you can configure it like:
access-list 101 permit ip 150.10.0.0 0.0.255.255 host
255.255.0.0
or
access-list 101 permit ip host 150.10.0.0 host 255.255.0.0
Please correct me if wrong, and Bruce let us know how it goes.
Cheers,
hockito
-----Original Message-----
From: Roberts, Larry [mailto:Larry.Roberts@expanets.com]
Sent: Viernes, 31 de Mayo de 2002 11:33 a.m.
To: 'Bruce Williams'; Ccielab@Groupstudy. Com
Subject: RE: access-list subnet mask mask
Can you tell us what your trying to do.
Access-lists use wildcard masks, not subnet masks ( unless your
on a PIX,
that's a whole different story ! )
If you wanted to permit a specific IP ( 150.10.1.2 ) to go
anyplace then you
would do:
Access-list 101 permit ip host 150.10.1.2 any
Or
Access-list 101 permit ip 150.10.1.2 0.0.0.0 any
Both are the same.
A 1 in the mask means I don't care, a 0 is an exact match.
The any is the same as saying:
X.x.x.x 255.255.255.255. Since you don't care ( 255 is all 1's )
the first
octect doesn't matter and will be re-written as
0.0.0.0 255.255.255.255 or "any"<-- most likely ( depends on
code
version...)
Thanks
Larry
-----Original Message-----
From: Bruce Williams [mailto:bruce@williamsnetworking.com]
Sent: Friday, May 31, 2002 11:04 AM
To: Ccielab@Groupstudy. Com
Subject: access-list subnet mask mask
Can someone please tell me how to create an access-list that
will specifiy
the exact size of the mask. I cannot remember how to do it and I
cant find
it on CCO. It went something like this: access-lsit 101 permit
ip 150.10.0.0
0.0.255.255 mask 255.255.0.0 0.0.255.255
Bruce Williams
This archive was generated by hypermail 2.1.4 : Tue Jul 02 2002 - 08:12:24 GMT-3