RE: access-list subnet mask mask

From: Treptow, Georg (gxtrept@xxxxxxxxx)
Date: Tue Jun 04 2002 - 22:49:55 GMT-3


   
I believe it would = 150.10.0.0 0.0.255.255

Georg

-----Original Message-----
From: Jonathan Natale [mailto:jonatale@earthlink.net]
Sent: Tuesday, June 04, 2002 11:17 PM
To: Bruce Williams; Narvaez, Pablo; Roberts, Larry; Ccielab@Groupstudy.
Com
Subject: RE: access-list subnet mask mask

I think "ip prefix-list LIST seq 10 per 150.10.0.0/16" ==
"access-list 101 permit ip 150.10.0.0 0.0.0.0 255.255.0.0 0.0.0.0"
right?

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
Bruce Williams
Sent: Friday, May 31, 2002 2:04 PM
To: Narvaez, Pablo; Roberts, Larry; Ccielab@Groupstudy. Com
Subject: RE: access-list subnet mask mask

Your right I am trying to match the exact mask. I have the answer. I already
knew about the prefix list solution, but I wanted to know how to do it with
an access-list also.

Here it is.

Two ways to do this.

access-list 101 permit ip 150.10.0.0 0.0.255.255 host 255.255.0.0

or use a prefix list
ip prefix-list LIST seq 10 per 150.10.0.0/16

Bruce Williams

-----Original Message-----
From: Narvaez, Pablo [mailto:Pablo.Narvaez@getronics.com]
Sent: Friday, May 31, 2002 1:05 PM
To: Roberts, Larry; Bruce Williams; Ccielab@Groupstudy. Com
Subject: RE: access-list subnet mask mask

I think what he is trying to do is to use an ACL to match the exact mask
which sometimes you just can't do with "normal"
ACLs.

>It went something like this: access-lsit 101 permit ip 150.10.0.0
>0.0.255.255 mask 255.255.0.0 0.0.255.255

>From this example, I think you can configure it like:

access-list 101 permit ip 150.10.0.0 0.0.255.255 host 255.255.0.0

or

access-list 101 permit ip host 150.10.0.0 host 255.255.0.0

Please correct me if wrong, and Bruce let us know how it goes.

Cheers,

hockito

-----Original Message-----
From: Roberts, Larry [mailto:Larry.Roberts@expanets.com]
Sent: Viernes, 31 de Mayo de 2002 11:33 a.m.
To: 'Bruce Williams'; Ccielab@Groupstudy. Com
Subject: RE: access-list subnet mask mask

Can you tell us what your trying to do.
Access-lists use wildcard masks, not subnet masks ( unless your on a PIX,
that's a whole different story ! )

If you wanted to permit a specific IP ( 150.10.1.2 ) to go anyplace then you
would do:

Access-list 101 permit ip host 150.10.1.2 any
Or
Access-list 101 permit ip 150.10.1.2 0.0.0.0 any
Both are the same.

A 1 in the mask means I don't care, a 0 is an exact match.
The any is the same as saying:

X.x.x.x 255.255.255.255. Since you don't care ( 255 is all 1's ) the first
octect doesn't matter and will be re-written as
0.0.0.0 255.255.255.255 or "any"<-- most likely ( depends on code
version...)

Thanks

Larry

-----Original Message-----
From: Bruce Williams [mailto:bruce@williamsnetworking.com]
Sent: Friday, May 31, 2002 11:04 AM
To: Ccielab@Groupstudy. Com
Subject: access-list subnet mask mask

Can someone please tell me how to create an access-list that will specifiy
the exact size of the mask. I cannot remember how to do it and I cant find
it on CCO. It went something like this: access-lsit 101 permit ip 150.10.0.0
0.0.255.255 mask 255.255.0.0 0.0.255.255

Bruce Williams



This archive was generated by hypermail 2.1.4 : Tue Jul 02 2002 - 08:12:24 GMT-3