RE: ACL Tips and Tricks

From: OhioHondo (ohiohondo@columbus.rr.com)
Date: Tue Mar 11 2003 - 22:49:24 GMT-3


I see 3 lines in this case. The 66.44.45.0 and 66.44.47.0 can be made into
one ACL statement. The 45.111.111.0 and 64.111.111.0 have too many different
bits, they both have to have their own ACL.

The person who mentioned changing the octets to binary and then noticing how
many bits were different was really on to something.

Between 2 networks, if there is one bit different then you can summarize the
2 networks in a single ACL with no other networks qualifying.

Any ODD number (other than 1) - or number that is not a power of 2 - of
networks cannot be summarized without at least 1 other network sneaking in.

If you have 4 networks and the difference is 2 bit positions, the same bit
positions in all 4 networks -- they will summarize.

If you have 8 networks and the difference is 3 bit positions, the same bit
positions in each network -- they will summarize.

If you have 16 networks and the difference is 4 bit positions, the same bit
positions in each network -- they will summarize.

and so on, and so on.....

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
Voss, David
Sent: Tuesday, March 11, 2003 2:59 PM
To: ccielab@groupstudy.com
Subject: RE: ACL Tips and Tricks

Thanks for the responses. I am bumping into questions stating "create an
ACL using the minimum number of commands"

permit 66.44.45.0
permit 66.44.47.0
permit 45.111.111.0
permit 64.111.111.0

I still have to create 4 lines in the ACL, as long as they are requesting
that 'all other subnets' must be denied, I can't simply summarize or use
fewer lines than 4.

-----Original Message-----
From: Scott Morris [mailto:swm@emanon.com]
Sent: Tuesday, March 11, 2003 1:34 PM
To: Voss, David; ccielab@groupstudy.com
Subject: RE: ACL Tips and Tricks

199 = 11000111
204 = 11001100

There are 3 bits of difference between the two, so it is impossible to
summarize them in one statement without including extraneous routes.

Enjoy!

Scott

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Voss, David
Sent: Tuesday, March 11, 2003 12:49 PM
To: ccielab@groupstudy.com
Subject: ACL Tips and Tricks

Permit the following subnets in an ACL with only 1 command... and deny
all other subnets.... I don't believe this can be done with 1 command.
Maybe someone can give it a shot?

204.95.160.0/24
199.95.160.0/24
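
The bit-difference rule discussed in this thread, as an added example that is not part of any poster's message: a Python sketch that merges networks differing in exactly one bit into a single address/wildcard pair, repeating until nothing more merges, so the resulting lines match exactly the input networks and nothing else. The function names, the `permit <address> <wildcard>` output format and the /24 starting wildcard are assumptions of this example; the merging is greedy and pairwise, so it never admits an extra network but is not guaranteed to find the minimum line count for every possible input.

```python
import ipaddress

MASK32 = 0xFFFFFFFF

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def to_dotted(value):
    return str(ipaddress.IPv4Address(value))

def bits_different(net_a, net_b):
    """Number of bit positions in which two network addresses differ."""
    return bin(to_int(net_a) ^ to_int(net_b)).count("1")

def summarize(networks, base_wildcard="0.0.0.255"):
    """Return ACL lines that match exactly the given networks, no others."""
    base = to_int(base_wildcard)
    # Each entry is (address with wildcard bits cleared, wildcard mask).
    entries = {(to_int(n) & ~base & MASK32, base) for n in networks}
    merged = True
    while merged:
        merged = False
        ordered = sorted(entries)
        for a in ordered:
            for b in ordered:
                diff = a[0] ^ b[0]
                # Merge only when the wildcards are identical and the
                # addresses differ in a single bit (diff is a power of 2).
                if a < b and a[1] == b[1] and (diff & (diff - 1)) == 0:
                    entries -= {a, b}
                    entries.add((a[0] & ~diff & MASK32, a[1] | diff))
                    merged = True
                    break
            if merged:
                break
    return [f"permit {to_dotted(addr)} {to_dotted(wc)}"
            for addr, wc in sorted(entries)]

if __name__ == "__main__":
    # The two sets of networks quoted in the thread.
    for nets in (["66.44.45.0", "66.44.47.0", "45.111.111.0", "64.111.111.0"],
                 ["204.95.160.0", "199.95.160.0"]):
        print("\n".join(summarize(nets)), end="\n\n")
```
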


