Re: ACL studying [7:49154]

From: Timothy Ouellette (timoue@xxxxxxxxx)
Date: Sat Jul 20 2002 - 05:28:47 GMT-3


   
Shawn, you've given me insight into something. What about this!

access-list 1 deny host 10.10.10.35
access-list 1 permit 10.10.10.32 0.0.0.3 <-- .35 denied already
access-list 1 deny 10.10.10.32 0.0.0.15
access-list 1 deny 10.10.10.48 0.0.0.1
access-list 1 permit any

How's that look? Maybe 3 possible solutions?

Too late to think straight so please correct me.

Tim

On 18 Jul 2002 20:51:05 -0000, shawn.kaminski@eds.com ("Kaminski,
Shawn G") wrote:

>Too bad you couldn't use a block of addresses in this case. Unfortunately,
>you would have to use a block size of 32. You can't use a block of 16
>because a single block doesn't include all 15 of the hosts you want to deny
>(0-15, 16-31, 32-47, 48-63, etc.). If you could have used a block of 16, you
>would still be denying an additional host that you didn't want denied
>(providing all 15 of the hosts you wanted to deny fell in the same block).
>It's even worse with block size of 32 (0-31, 32-63, 64-95, etc.)
>
>access-list 50 deny 10.10.10.32 0.0.0.31
>
>The problem here is that you're also denying hosts 32-34 and hosts 50-63
>which makes this useless unless you don't care about the other hosts!
>
>Shawn K.
>
>-----Original Message-----
>From: Daniel Cotts [mailto:dcotts@ia.primustel.com]
>Sent: Thursday, July 18, 2002 3:19 PM
>To: cisco@groupstudy.com
>Subject: RE: ACL studying [7:49154]
>
>
>host 10.10.10.35
>10.10.10.36 0.0.0.3
>10.10.10.40 0.0.0.7
>10.10.10.48 0.0.0.1
>
>> -----Original Message-----
>> From: Persio Pucci [mailto:persiopucci@uol.com.br]
>> Sent: Thursday, July 18, 2002 1:19 PM
>> To: cisco@groupstudy.com
>> Subject: ACL studying [7:49154]
>>
>>
>> Folks,
>>
>> what would be the smallest way to put an ACL to filter, let's say, IPs
>> 10.10.10.35 to 10.10.10.49?
>>
>> (just want to check if I am doing it ok...)
>>
>> Persio
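
To check the three proposals in this thread against the 10.10.10.35 to 10.10.10.49 target, here is an added example (not written by any of the posters) that evaluates standard ACL entries with first-match semantics, wildcard masks and the implicit deny. The `deny` keyword on Daniel's four entries, the trailing `permit any` on Daniel's and Shawn's lists, and the list number 2 are assumptions made so the three can be compared.

```python
from ipaddress import IPv4Address

def parse_acl(text):
    # Turn 'access-list N permit|deny <source>' lines into (action, base, wildcard)
    entries = []
    for line in text.strip().splitlines():
        action, *src = line.split()[2:]
        if src[0] == "any":
            base, wild = "0.0.0.0", "255.255.255.255"
        elif src[0] == "host":
            base, wild = src[1], "0.0.0.0"
        else:
            base, wild = src
        entries.append((action, int(IPv4Address(base)), int(IPv4Address(wild))))
    return entries

def evaluate(entries, addr):
    # First matching entry wins; wildcard bits set to 1 are "don't care"
    a = int(IPv4Address(addr))
    for action, base, wild in entries:
        if ((a ^ base) & ~wild & 0xFFFFFFFF) == 0:
            return action
    return "deny"  # implicit deny at the end of every ACL

def denied_hosts(text, prefix="10.10.10."):
    # Last octets (0-255) under the prefix that the ACL denies
    entries = parse_acl(text)
    return [h for h in range(256) if evaluate(entries, f"{prefix}{h}") == "deny"]

TIM = """access-list 1 deny host 10.10.10.35
access-list 1 permit 10.10.10.32 0.0.0.3
access-list 1 deny 10.10.10.32 0.0.0.15
access-list 1 deny 10.10.10.48 0.0.0.1
access-list 1 permit any"""
# Daniel's entries as deny statements; list number and 'permit any' are assumed
DANIEL = """access-list 2 deny host 10.10.10.35
access-list 2 deny 10.10.10.36 0.0.0.3
access-list 2 deny 10.10.10.40 0.0.0.7
access-list 2 deny 10.10.10.48 0.0.0.1
access-list 2 permit any"""
# Shawn's block of 32; 'permit any' is assumed
SHAWN = """access-list 50 deny 10.10.10.32 0.0.0.31
access-list 50 permit any"""

if __name__ == "__main__":
    target = set(range(35, 50))
    for name, acl in (("Tim", TIM), ("Daniel", DANIEL), ("Shawn", SHAWN)):
        denied = set(denied_hosts(acl))
        print(name, "missed:", sorted(target - denied), "extra:", sorted(denied - target))
```

Tim's list depends on entry order: moving the `permit 10.10.10.32 0.0.0.3` line below the `0.0.0.15` deny would leave hosts 32-34 denied.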



This archive was generated by hypermail 2.1.4 : Sat Sep 07 2002 - 19:36:37 GMT-3