Re: ACL fewest numbers of lines

From: Darek Kuzma (darekk@xxxxxxxxxxxxx)
Date: Tue Jul 16 2002 - 19:41:49 GMT-3


   
Alex,
We can write a one-line ACL which will deny the networks you specified, but it
will also deny a whole bunch of other IPs.

Assuming that the listed networks are /24s, the ACL is:

deny ip 128.3.1.0 109.252.56.255

The formula is:
write all addresses in binary, one under another

10001100.11000111.00111001.00000000
10100001.11000111.00111001.00000000
11001001.00111011.00000001.00000000
11001001.00111111.00000001.00000000

if in a column we have all "0" or all "1" it means that wildcard mask
must be 0 - care; 1 otherwise:

01101101.11111100.00111001.11111111 (last octet is 255 because of the
assumption of /24 networks)

if mask bit=0 network bit is 0 or 1 depending on whether the bit was all "0" or
all "1" (because we "care")
if mask bit=1 network bit is 0 or 1 (anyway mask is "don't care"). I'm
putting all "0"

10000000.00000011.00000001.00000000

result is: 128.3.1.0 109.252.56.255

Thanks,
Darek Kuzma

Alex wrote:

> Requirement:
>
> Create an access list with the fewest numbers of lines to deny.
>
> 140.199.57.0
> 161.199.57.0
> 201.59.1.0
> 201.63.1.0
>
> I can do it in 3 lines but I believe that there is a way to do it in 1
> line? Anybody know?
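
The column-by-column procedure from the reply, as an added example that is not part of the original thread. It also counts how many /24 networks the single entry matches, which puts a number on the "whole bunch of other IPs" caveat; the function names and the two probe addresses are constructed for illustration.

```python
import ipaddress

# Networks from the original question, treated as /24s as the reply assumes.
NETWORKS = ["140.199.57.0", "161.199.57.0", "201.59.1.0", "201.63.1.0"]
HOST_BITS = 0x000000FF  # /24 assumption: the last octet is always "don't care"


def collapse(networks, host_bits=HOST_BITS):
    """Return (address, wildcard) as ints for one ACL entry covering all networks."""
    addrs = [int(ipaddress.IPv4Address(n)) for n in networks]
    all_ones = any_one = addrs[0]
    for a in addrs[1:]:
        all_ones &= a   # bit stays 1 only if it is 1 in every address
        any_one |= a    # bit becomes 1 if it is 1 in at least one address
    # A column that is neither all-0 nor all-1 gets wildcard bit 1.
    wildcard = (all_ones ^ any_one) | host_bits
    # "Care" bits keep their common value; "don't care" bits are written as 0.
    address = all_ones & ~wildcard & 0xFFFFFFFF
    return address, wildcard


def matches(ip, address, wildcard):
    """True if every "care" bit of ip equals the entry's address bit."""
    return (int(ipaddress.IPv4Address(ip)) ^ address) & ~wildcard & 0xFFFFFFFF == 0


def covered_slash24s(wildcard):
    """Number of distinct /24 networks the entry matches."""
    return 2 ** bin(wildcard >> 8).count("1")


def dotted(value):
    """Render a 32-bit int in dotted-quad form."""
    return str(ipaddress.IPv4Address(value))


if __name__ == "__main__":
    addr, wc = collapse(NETWORKS)
    print("entry:", dotted(addr), dotted(wc))
    print("/24s matched:", covered_slash24s(wc), "for", len(NETWORKS), "intended")
    # The last two probes are constructed: one unintended match, one non-match.
    for probe in NETWORKS + ["237.255.57.0", "10.0.0.1"]:
        print(probe, "matches" if matches(probe, addr, wc) else "no match")
```

Before deploying a collapsed entry like this, compare the matched count against the intended one and probe any address ranges that must stay reachable.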


