Re: ACL fewest numbers of lines

From: Darek Kuzma (darekk@xxxxxxxxxxxxx)
Date: Tue Jul 16 2002 - 20:51:34 GMT-3


   
Not really.
I just wrote everything in binary and made up the formula. It is just math.
Darek

Hemant_Kumar@BERLEX.COM wrote:

> Darek,
> Very good explanation. Can you direct me where I can get more information
> on this? I have been looking for such an explanation but never found any
> document that would explain it.
>
> Thanks
> HK
>
>
> From: Darek Kuzma <darekk@optonline.net>
> Sent by: nobody@groupstudy.com
> To: ccielab@groupstudy.com
> cc:
> Subject: Re: ACL fewest numbers of lines
> Date: 07/17/2002 12:41 AM
> Please respond to Darek Kuzma
>
>
>
> Alex,
> We can write a one-line ACL which will deny the networks you specified, but
> it will also deny a whole bunch of other IPs.
>
> Assuming that the listed networks are /24s, the ACL is:
>
> deny ip 128.3.1.0 109.252.56.255
>
> The formula is:
> write all addresses in binary, one under another
>
> 10001100.11000111.00111001.00000000
> 10100001.11000111.00111001.00000000
> 11001001.00111011.00000001.00000000
> 11001001.00111111.00000001.00000000
>
> if in a column we have all "0" or all "1" it means that the wildcard mask
> bit must be 0 - care; 1 otherwise:
>
> 01101101.11111100.00111001.11111111 (last octet is 255 because of the
> assumption of /24 networks)
>
> if mask bit=0, the network bit is 0 or 1 depending on whether the column was
> all "0" or all "1" (because we "care")
> if mask bit=1, the network bit is 0 or 1 (anyway the mask is "don't care").
> I'm putting all "0"
>
> 10000000.00000011.00000001.00000000
>
> result is: 128.3.1.0 109.252.56.255
>
> Thanks,
> Darek Kuzma
>
> Alex wrote:
>
> > Requirement:
> >
> > Create an access list with the fewest numbers of lines to deny.
> >
> > 140.199.57.0
> > 161.199.57.0
> > 201.59.1.0
> > 201.63.1.0
> >
> > I can do it in 3 lines but I believe that there is a way to do it in 1
> > line? Anybody know?
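
The column-by-column procedure described in the thread, written out as an added Python example (not part of the original posts). It also counts how many /24 networks the single entry really matches, which is the over-match the reply warns about; the function names and the test addresses 129.3.1.5 and 10.1.1.1 are constructed for illustration.

```python
import ipaddress

# The four /24 networks from the thread.
NETWORKS = ["140.199.57.0", "161.199.57.0", "201.59.1.0", "201.63.1.0"]

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def summarize(networks, prefix_len=24):
    """Return (base, wildcard) strings for one entry matching every network."""
    addrs = [to_int(n) for n in networks]
    all_and, all_or = 0xFFFFFFFF, 0
    for a in addrs:
        all_and &= a   # bit stays 1 only if the column is all "1"
        all_or |= a    # bit stays 0 only if the column is all "0"
    differ = all_and ^ all_or                  # mixed columns -> "don't care"
    host = (1 << (32 - prefix_len)) - 1        # host bits are always wildcarded
    wildcard = differ | host
    base = all_and & ~wildcard & 0xFFFFFFFF    # "care" bits kept, rest set to 0
    return str(ipaddress.IPv4Address(base)), str(ipaddress.IPv4Address(wildcard))

def matches(addr, base, wildcard):
    """Cisco-style wildcard match: compare only the bits where the mask is 0."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return ((to_int(addr) ^ to_int(base)) & care) == 0

def covered_networks(wildcard, prefix_len=24):
    """Number of /prefix_len networks the single entry actually matches."""
    wild_bits = bin(to_int(wildcard)).count("1")
    return 2 ** (wild_bits - (32 - prefix_len))

if __name__ == "__main__":
    base, wildcard = summarize(NETWORKS)
    print("deny ip", base, wildcard)
    print("intended /24s:", len(NETWORKS),
          "matched /24s:", covered_networks(wildcard))
    # 129.3.1.5 is a constructed address outside all four listed networks.
    for ip in ("140.199.57.77", "201.63.1.9", "129.3.1.5", "10.1.1.1"):
        print(ip, "denied" if matches(ip, base, wildcard) else "not matched")
```

Running it shows the trade-off of the one-line entry: four networks were intended, but every /24 whose "care" bits agree with the base is denied as well.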



This archive was generated by hypermail 2.1.4 : Sat Sep 07 2002 - 19:36:33 GMT-3