From: Cameron, John (johcamer@cisco.com)
Date: Sat May 10 2003 - 15:09:49 GMT-3
Rats - you're right. I tried an extended acl but that never seems to work
with distribute-lists.
Sorry,
JDC
-----Original Message-----
From: jfaure@sztele.com [mailto:jfaure@sztele.com]
Sent: Saturday, May 10, 2003 12:25 PM
To: Cameron, John
Cc: ccielab@groupstudy.com
Subject: RE: More about ACLs
John:
Your ACL is a bit more specific, because it watches the exact match in the
last octet. But this wasn't my question exactly. The question is how you
can ONLY allow the 3 odd networks AND WITH THE MASK /24 TOO. If I
understand you, your acl also allows these networks:
199.172.1.0/25
199.172.1.0/26
199.172.5.0/27
...
The key is to only permit the 3 networks and only with the mask /24. Then
you need an extended ACL I think, but I don't see very well how to do so.
Regards
Juan Faure Ferrer
email: jfaure@sztele.com
Telematics and CC Business Line
Network and Systems Integration Engineer
----------------------------------------------------------------------------
SOLUZIONA TELECOMUNICACIONES
Professional Services of UNION FENOSA
Jerez, 3
28016 MADRID
tel 91 579 30 00 fax 91 350 72 83
---------------------------------------------------------------------------
From: "Cameron, John" <johcamer@cisco.com>
Date: 10/05/03 16:23
To: "'jfaure@sztele.com'" <jfaure@sztele.com>, ccielab@groupstudy.com
Cc:
Subject: RE: More about ACLs
Juan,
I think this would work better:
access-list 99 permit 199.172.1.0 0.0.20.0
Let me know what ya think.
JDC
-----Original Message-----
From: jfaure@sztele.com [mailto:jfaure@sztele.com]
Sent: Saturday, May 10, 2003 5:31 AM
To: ccielab@groupstudy.com
Subject: More about ACLs
Hi all:
I'm having some troubles with acls. Imagine you have these networks:
199.172.1.0/24
199.172.2.0/24
199.172.4.0/24
199.172.5.0/24
199.172.6.0/24
199.172.8.0/24
199.172.21.0/24
And you must filter, with the minimum number of lines in the ACL, and only
permit the odd networks (at the third octet, this is ONLY the 1, 5 and
21, not each possible odd subnet). Then you could do so with a standard
access list like this:
access-list 99 permit 199.172.1.0 0.0.20.255
However, this access-list also allows networks like 199.172.1.0/25,
199.172.1.0/26, etc. Imagine you want to be more specific and to match the
network mask too. Then you'd need an extended acl that only allows /24.
But can anyone suggest how to construct it, if it's possible?
Regards
Juan Faure Ferrer
email: jfaure@sztele.com
Telematics and CC Business Line
Network and Systems Integration Engineer
----------------------------------------------------------------------------
SOLUZIONA TELECOMUNICACIONES
Professional Services of UNION FENOSA
Jerez, 3
28016 MADRID
tel 91 579 30 00 fax 91 350 72 83
---------------------------------------------------------------------------
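
Added example, not part of the original thread: a Python model of the wildcard matching discussed above, run over the routes quoted in the messages. It shows that a standard ACL tests only the network address, so longer prefixes of a permitted network pass, while a filter that also tests the netmask passes only the /24 routes. Assumptions: the function names are hypothetical, the netmask test models a filter that compares the mask as well as the network (not a specific IOS command), and 199.172.17.0/24 is a constructed route added to show that wildcard bits 0.0.20.0 also cover a third octet of 17.

```python
import ipaddress

def wildcard_match(value, base, wildcard):
    """Cisco-style wildcard compare: bits set in the wildcard are ignored."""
    v, b, w = (int(ipaddress.IPv4Address(x)) for x in (value, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (v & care) == (b & care)

def standard_permits(route, base, wildcard):
    """Standard ACL used as a route filter: only the network address is tested."""
    net = ipaddress.ip_network(route)
    return wildcard_match(str(net.network_address), base, wildcard)

def net_and_mask_permits(route, base, wildcard, mask, mask_wildcard="0.0.0.0"):
    """Assumed model: the netmask is tested too (exact match by default)."""
    net = ipaddress.ip_network(route)
    return (wildcard_match(str(net.network_address), base, wildcard)
            and wildcard_match(str(net.netmask), mask, mask_wildcard))

# Routes quoted in the thread, plus one constructed route (199.172.17.0/24).
ROUTES = [
    "199.172.1.0/24", "199.172.2.0/24", "199.172.4.0/24", "199.172.5.0/24",
    "199.172.6.0/24", "199.172.8.0/24", "199.172.21.0/24",
    "199.172.1.0/25", "199.172.1.0/26", "199.172.5.0/27",
    "199.172.17.0/24",
]

def permitted(check, *args):
    """Return the routes from ROUTES that the given check permits."""
    return [r for r in ROUTES if check(r, *args)]

if __name__ == "__main__":
    print("network only:    ",
          permitted(standard_permits, "199.172.1.0", "0.0.20.0"))
    print("network and mask:",
          permitted(net_and_mask_permits, "199.172.1.0", "0.0.20.0",
                    "255.255.255.0"))
```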
This archive was generated by hypermail 2.1.4 : Mon Jun 02 2003 - 15:13:40 GMT-3