From: Cameron, John (johcamer@cisco.com)
Date: Sat May 10 2003 - 11:23:20 GMT-3
Juan,
I think this would work better:
access-list 99 permit 199.172.1.0 0.0.20.0
Let me know what ya think.
JDC
-----Original Message-----
From: jfaure@sztele.com [mailto:jfaure@sztele.com]
Sent: Saturday, May 10, 2003 5:31 AM
To: ccielab@groupstudy.com
Subject: More about ACLs
Hi all:
I'm having some trouble with ACLs. Imagine you have these networks:
199.172.1.0/24
199.172.2.0/24
199.172.4.0/24
199.172.5.0/24
199.172.6.0/24
199.172.8.0/24
199.172.21.0/24
And you must filter, with the minimum number of lines in the ACL, and only
permit the odd networks (at the third octet, this is ONLY the 1, 5 and
21, not each possible odd subnet). Then you could do so with a standard
access list like this:
access-list 99 permit 199.172.1.0 0.0.20.255
However, this access-list also allows networks like 199.172.1.0/25,
199.172.1.0/26, etc. Imagine you want to be more specific and to match the
network mask too. Then you'd need an extended ACL that only allows /24.
But can anyone suggest how to construct it, if it's possible?
Regards
Juan Faure Ferrer
email: jfaure@sztele.com
Telematics and CC Business Line
Network and Systems Integration Engineer
----------------------------------------------------------------------------
SOLUZIONA TELECOMUNICACIONES
Professional Services of UNION FENOSA
Jerez, 3
28016 MADRID
tel 91 579 30 00 fax 91 350 72 83
---------------------------------------------------------------------------
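Added example, not part of either message: a Python check of what the two wildcard masks discussed above (0.0.20.255 and 0.0.20.0) actually match. It assumes the ACL is evaluated against each route's network address, as in a route filter; the function names and the longer-prefix sample routes are constructed for illustration.

```python
import ipaddress

# Networks listed in the question, plus constructed longer prefixes for contrast.
NETWORKS = [f"199.172.{n}.0/24" for n in (1, 2, 4, 5, 6, 8, 21)]
SUBNETS = ["199.172.1.0/25", "199.172.1.128/25", "199.172.5.64/26"]  # constructed


def _u32(dotted):
    """Dotted-quad string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))


def acl_match(address, base, wildcard):
    """IOS wildcard semantics: a 1 bit in the wildcard means 'ignore this bit'."""
    care = ~_u32(wildcard) & 0xFFFFFFFF
    return (_u32(address) & care) == (_u32(base) & care)


def permitted(prefixes, base, wildcard):
    """Prefixes whose network address matches; the prefix length is never examined
    (assumption: the standard ACL is applied to route network addresses)."""
    return [p for p in prefixes
            if acl_match(str(ipaddress.ip_network(p).network_address), base, wildcard)]


def third_octets(base, wildcard):
    """Every third-octet value the entry can match, whether in use today or not."""
    b = ipaddress.IPv4Address(base).packed[2]
    care = ~ipaddress.IPv4Address(wildcard).packed[2] & 0xFF
    return [o for o in range(256) if (o & care) == (b & care)]


if __name__ == "__main__":
    for wc in ("0.0.20.255", "0.0.20.0"):
        print(wc, "listed /24s :", permitted(NETWORKS, "199.172.1.0", wc))
        print(wc, "longer masks:", permitted(SUBNETS, "199.172.1.0", wc))
        print(wc, "third octets:", third_octets("199.172.1.0", wc))
```

Both masks leave bits 4 and 16 of the third octet free, so a 199.172.17.0 network would also be permitted if it ever appeared; and the tighter 0.0.20.0 mask still accepts 199.172.1.0/25, because only the network address is compared, not the mask.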
This archive was generated by hypermail 2.1.4 : Mon Jun 02 2003 - 15:13:40 GMT-3