Re: access-list

From: Nick Shah (nshah@xxxxxxxxxxxxxx)
Date: Thu Jul 11 2002 - 21:40:10 GMT-3

• Next message: C. Warren: "RE: Last Minute...Cisco CD"
• Previous message: Wright, Jeremy: "RE: arp cache"
• Maybe in reply to: Hemant_Kumar@xxxxxxxxxx: "access-list"
• Next in thread: Nate Van Maren: "Re: access-list"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
Hemant

192.168.1.1 mask 0.0.0.254

convert 1 (in the network to binary) = 00000001 (u can convert any odd
number and it will end in binary 1)
convert 254 (in mask to binary) = 11111110

0 = exact match
1 = dont care
Remember all odd numbered networks end in 1 (binary) . So when we match and
make sure that every host ends in binary 1, we are actually matching all odd
hosts.

Same way with even numbers, every even number ends in a 0 (when u convert to
binary)

so for even number = 00000000
mask = 11111110

Here you care about the last digit as well, but you want it to be 0 (unlike
previous example).
There is one catch though, this will permit 0 as well (192.168.1.0). Its not
a prob. when you are dealing with hosts, but say if you are dealing with
networks (192.168.x.y where you have to permit if x is even) you should
explicitly deny 0.

Pl. let me know if you still dont understand

rgds

Nick
----- Original Message -----
From: <Hemant_Kumar@BERLEX.COM>
To: <ccielab@groupstudy.com>
Cc: "Fabrice Bobes" <study@6colabs.com>; <nobody@groupstudy.com>
Sent: Friday, July 12, 2002 9:36 AM
Subject: RE: access-list

> Thanks for all the replies. All of them pointing to same direction but i
> can't figure it out why?
>
> Can someone explain the logic behind it?
>
> My understanding is the 0 means match and 1s means do'nt care...so
>
> 192.168.1.0 0.0.0.254.255
>
> 192.168.00000001.Y
> 192.168.XXXXXXY.YYYYYYYY (X = match ; Y= do'nt care);
>
> So how will this only block the odd numbers...
>
> Can someone explain..
>
> Thanks
> Hemant
>
>
>
> "Fabrice
> Bobes"
> <study@6colab To: <Hemant_Kumar@BERLEX.COM>
> s.com> cc: <ccielab@groupstudy.com>
> Sent by: Subject:
> nobody@groups RE: access-list
> tudy.com
>
>
> 07/11/2002
> 09:51 PM
> Please
> respond to
> "Fabrice
> Bobes"
>
>
>
>
>
>
> Try this:
>
> access-list 1 permit 192.168.1.0 0.0.0.254
> Or
> access-list 1 deny 192.168.1.1 0.0.0.254
> Access-list 1 permit any
>
> Fabrice
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Hemant_Kumar@BERLEX.COM
> Sent: Thursday, July 11, 2002 12:13 PM
> To: ccielab@groupstudy.com
> Subject: access-list
>
>
> Hi all,
>
> This might a small problem but i am not able to figure it out.
>
> I have classs C address eg 192.168.1.0
>
> I would like to block all the workstation with odd numbers as their ip
> address? What is simplest way to achive this using access list.
>
> thanks

• Next message: C. Warren: "RE: Last Minute...Cisco CD"
• Previous message: Wright, Jeremy: "RE: arp cache"
• Maybe in reply to: Hemant_Kumar@xxxxxxxxxx: "access-list"
• Next in thread: Nate Van Maren: "Re: access-list"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Sep 07 2002 - 19:36:27 GMT-3