RE:

From: McClure, Allen (Allen.McClure@Tricon-Yum.Com)
Date: Thu Oct 03 2002 - 17:28:37 GMT-3

• Next message: Remm Ikj: "Lab Seat"
• Previous message: MADMAN: "Re:"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

That type of thing is fairly common on the practices labs and one might
assume on the real lab.

It is indeed a valid filter, so be sure to understand how and why it
works.

Intent is irrelevant.

Allen McClure
MCSE, CCNP, CCDP
YUM! Brands, Inc.
Sr. Network Analyst
NEW E-Mail - mailto:allen.mcclure@yum.com
972-338-7494

-----Original Message-----
From: Willy Schoots [mailto:w.schoots@chello.nl]
Sent: Thursday, October 03, 2002 1:45 PM
To: 'MADMAN'; 'Georg Pauwen'
Cc: chenyan@deeptht.com.cn; ccielab@groupstudy.com
Subject: RE:

You might see something similar to this in the real world. CiscoWorks
has a module called ACL manager (part of the RWAN bundle). This module
can "optimize your access-lists". Part of this is that it creates
"weird" access-lists wildcards to combine multiple entries.

Lets say you denied some traffic to some hosts on a subnet:

Deny 10.16.128.4 0.0.0.3
Deny 10.16.128.20 0.0.0.3

This would result in deny 10.16.128.4 0.0.0.19 after using the ACL
manager optimization. This is correct, but when troubleshooting issues
might "surprise" many engineers.

Cheers,

Willy Schoots

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
MADMAN
Sent: donderdag 3 oktober 2002 20:14
To: Georg Pauwen
Cc: chenyan@deeptht.com.cn; ccielab@groupstudy.com
Subject: Re:

  That might very well be but I have never seen this done except for
acedemic reasons on this list and I imagine you know the actual intent
as well as I.

  Dave

Georg Pauwen wrote:
>
> I don4t agree: they want to allow everything, but in the third octet
they
> want to allow only the even networks.
>
> Georg
>
> >From: MADMAN <dave@interprise.com>
> >Reply-To: MADMAN <dave@interprise.com>
> >To: chenyan <chenyan@deeptht.com.cn>
> >CC: ccielab <ccielab@groupstudy.com>
> >Subject: Re: Date: Thu, 03 Oct 2002 10:27:49 -0500
> >
> > I would guess the person types as well a I ;) Seriously I would
think
> >they meant to permit all.
> >
> > Dave
> >
> >chenyan wrote:
> > >
> > > hi,guys
> > > what's mean the following acl?
> > > access-list 1 permit 0.0.0.0 255.255.254.255
> > >
> > > Thanks
> >
> >--
> >David Madland
> >CCIE# 2016
> >Sr. Network Engineer
> >Qwest Communications
> >612-664-3367
> >
> >"You don't make the poor richer by making the rich poorer." --Winston

> >Churchill
>
> _________________________________________________________________
> Join the worlds largest e-mail service with MSN Hotmail.
> http://www.hotmail.com

-- 
David Madland
CCIE# 2016
Sr. Network Engineer
Qwest Communications
612-664-3367
"You don't make the poor richer by making the rich poorer." --Winston
Churchill
This communication is confidential and may be legally privileged.  If you are not the intended recipient, (i) please do not read or disclose to others, (ii) please notify the sender by reply mail, and (iii) please delete this communication from your system.  Failure to follow this process may be unlawful.  Thank you for your cooperation.

• Next message: Remm Ikj: "Lab Seat"
• Previous message: MADMAN: "Re:"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue Nov 05 2002 - 08:35:38 GMT-3