From: Scott Morris (swm@xxxxxxxxxx)
Date: Wed Jul 17 2002 - 12:11:32 GMT-3
Yeah, but the alternative permits you would have to put in would make it
a whole lot longer.. Very sloppy. :)
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Darek Kuzma
Sent: Tuesday, July 16, 2002 6:42 PM
To: ccielab@groupstudy.com
Subject: Re: ACL fewest numbers of lines
Alex,
We can write a one-line ACL which will deny the networks you specified, but it
will also deny a whole bunch of other IPs.
Assuming that the listed networks are /24s, the ACL is:
deny ip 128.3.1.0 109.252.56.255
The formula is:
Write all addresses in binary, one under another:
10001100.11000111.00111001.00000000
10100001.11000111.00111001.00000000
11001001.00111011.00000001.00000000
11001001.00111111.00000001.00000000
If a column contains all "0" or all "1", the wildcard mask bit
must be 0 (care); 1 otherwise:
01101101.11111100.00111001.11111111 (last octet is 255 because of the
assumption of /24 networks)
If mask bit=0, the network bit is 0 or 1 depending on whether the column was all "0" or
all "1" (because we "care"). If mask bit=1, the network bit can be 0 or 1 (the
mask is "don't care" anyway). I'm putting all "0":
10000000.00000011.00000001.00000000
The result is: 128.3.1.0 109.252.56.255
Thanks,
Darek Kuzma
Alex wrote:
> Requirement:
>
> Create an access list with the fewest numbers of lines to deny.
>
> 140.199.57.0
> 161.199.57.0
> 201.59.1.0
> 201.63.1.0
>
> I can do it in 3 lines but I believe that there is a way to do it in 1
> line? Anybody know?
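
The column-by-column method described in the thread, written out as an added example that is not part of the original posts. It also counts how many /24 networks the single entry matches, which is the over-blocking both replies mention. The function names are hypothetical, and the /24 assumption is taken from the post.

```python
import ipaddress
from functools import reduce

def summarize(networks, host_bits=8):
    """Return (base, wildcard) for one ACL entry covering every listed network."""
    addrs = [int(ipaddress.IPv4Address(n)) for n in networks]
    all_ones = reduce(lambda a, b: a & b, addrs)   # columns that are "1" in every address
    any_ones = reduce(lambda a, b: a | b, addrs)   # columns that are "1" in at least one
    # A column that differs between addresses becomes a "don't care" (1) bit;
    # the host bits of the assumed /24 are always "don't care".
    wildcard = (all_ones ^ any_ones) | ((1 << host_bits) - 1)
    # "Care" bits keep the common value; "don't care" bits are written as 0.
    base = all_ones & ~wildcard & 0xFFFFFFFF
    return str(ipaddress.IPv4Address(base)), str(ipaddress.IPv4Address(wildcard))

def matches(addr, base, wildcard):
    """True if addr is matched by the entry 'base wildcard'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return ((a ^ b) & ~w & 0xFFFFFFFF) == 0

def matched_network_count(wildcard, host_bits=8):
    """Number of distinct networks matched: 2 ** (wildcard bits above the host part)."""
    w = int(ipaddress.IPv4Address(wildcard)) >> host_bits
    return 1 << bin(w).count("1")

# The four networks from the original question.
NETS = ["140.199.57.0", "161.199.57.0", "201.59.1.0", "201.63.1.0"]

if __name__ == "__main__":
    base, wc = summarize(NETS)
    print(f"deny ip {base} {wc}")
    total = matched_network_count(wc)
    print(f"{total} /24 networks matched, {total - len(NETS)} of them unintended")
```

Checking the matched-network count before deploying a summarized entry shows how much traffic outside the intended list the filter would also drop.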
This archive was generated by hypermail 2.1.4 : Sat Sep 07 2002 - 19:36:34 GMT-3