From: Hemant_Kumar@xxxxxxxxxx
Date: Tue Jul 16 2002 - 20:39:29 GMT-3
Darek,
Very good explanation. Can you direct me where I can get more information
on this? I have been looking for such an explanation but never found any
document that would explain it.
Thanks
HK
Darek Kuzma <darekk@optonline.net>
Sent by: nobody@groupstudy.com
07/17/2002 12:41 AM
Please respond to Darek Kuzma
To: ccielab@groupstudy.com
cc:
Subject: Re: ACL fewest numbers of lines
Alex,
We can write a one-line ACL which will deny the networks you specified, but it
will also deny a whole bunch of other IPs.
Assuming that the listed networks are /24s, the ACL is:
deny ip 128.3.1.0 109.252.56.255
Formula is:
write all addresses in binary, one under another
10001100.11000111.00111001.00000000
10100001.11000111.00111001.00000000
11001001.00111011.00000001.00000000
11001001.00111111.00000001.00000000
if in a column we have all "0" or all "1" it means that the wildcard mask
must be 0 - care; 1 otherwise:
01101101.11111100.00111001.11111111 (last octet is 255 because of the
assumption of /24 networks)
if mask bit=0, network bit is 0 or 1 depending on whether the bit was all "0" or
all "1" (because we "care")
if mask bit=1, network bit is 0 or 1 (anyway the mask is "don't care"). I'm
putting all "0"
10000000.00000011.00000001.00000000
result is: 128.3.1.0 109.252.56.255
Thanks,
Darek Kuzma
Alex wrote:
> Requirement:
>
> Create an access list with the fewest numbers of lines to deny.
>
> 140.199.57.0
> 161.199.57.0
> 201.59.1.0
> 201.63.1.0
>
> I can do it in 3 lines but I believe that there is a way to do it in 1
> line? Anybody know?
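
The column-by-column procedure from Darek's reply, as an added Python example that is not part of the original thread. It also counts how many /24 networks the resulting one-line entry matches, which is the "whole bunch of other IPs" he mentions; the function names are hypothetical and the /24 assumption is his.

```python
import ipaddress

# Networks from Alex's question, treated as /24s as in Darek's reply.
NETWORKS = ["140.199.57.0", "161.199.57.0", "201.59.1.0", "201.63.1.0"]

def summarize_wildcard(networks, host_bits=8):
    """Return (base, wildcard) ints for one ACL entry matching every network."""
    addrs = [int(ipaddress.IPv4Address(n)) for n in networks]
    all_ones, any_ones = addrs[0], addrs[0]
    for a in addrs[1:]:
        all_ones &= a   # bit stays 1 only if the column is all "1"
        any_ones |= a   # bit stays 0 only if the column is all "0"
    # Columns that are not uniform become "don't care", plus the host bits.
    wildcard = (all_ones ^ any_ones) | ((1 << host_bits) - 1)
    # Care bits keep their common value; don't-care bits are written as 0.
    base = all_ones & ~wildcard & 0xFFFFFFFF
    return base, wildcard

def matches(addr, base, wildcard):
    """True if addr is hit by the entry: all care bits equal the base."""
    a = int(ipaddress.IPv4Address(addr))
    return (a | wildcard) == (base | wildcard)

def matched_networks(wildcard, host_bits=8):
    """How many distinct networks (not hosts) the entry matches."""
    return 2 ** bin(wildcard >> host_bits).count("1")

def dotted(value):
    return str(ipaddress.IPv4Address(value))

if __name__ == "__main__":
    base, wc = summarize_wildcard(NETWORKS)
    print(f"deny ip {dotted(base)} {dotted(wc)}")
    print("intended networks matched:", all(matches(n, base, wc) for n in NETWORKS))
    print("/24 networks matched in total:", matched_networks(wc))
```

Only four networks were asked for, so the total printed on the last line is the over-match to weigh against the three-line ACL before using the single entry in a deny rule.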
This archive was generated by hypermail 2.1.4 : Sat Sep 07 2002 - 19:36:33 GMT-3