Question about "right" math in calculating ACL

From: Tsvetan Bratinov (tsvetan_bratinov@bg.ibm.com)
Date: Wed Oct 15 2003 - 06:13:23 GMT-3


Hi group,
I have a question about ACLs.
In CCIE Practical Studies Vol. 1, in the scenario Darth Reidis, there is the
following question:

Deny with as few lines as possible.

Deny FTP,HTTP from 131.24.194.x
Deny FTP,HTTP from 131.25.194.x
Deny FTP,HTTP from 135.152.1.1
Deny FTP,HTTP from 227.24.195.x
Deny FTP,HTTP from 131.24.194.x
Deny FTP,HTTP from 131.24.196.x

When I do the binary math it looks like:
 10000011.00011000.11000010.x
 10000011.00011001.11000010.x
 10000111.10011000.00000001.0000001
 11100011.00011000.11000010.x
 10000011.00011000.11000011.x
 10000011.00011000.11000100.x

And now comes the nightmare:
1. Can I perform this in a single line, or do I need to exclude 135.152.1.1
from the math and put it on a single ACL line?
2. When there is a don't-care bit in the calculated address, I can choose 1
instead of 0.
For example, the first octet can be 10000011 with mask 01100100 and it can
be 11100111
with mask 01100100. Am I wrong? Is there a rule about that?

Best regards
Tsvetan Bratinov
IT Specialist, IBM Bulgaria
CCNP,CNE
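
The wildcard math asked about above, as an added example that is not part of the original post: it collapses the decimal sources exactly as listed into one address/wildcard line, counts how many source addresses that line would actually deny, and checks whether the value of a don't-care bit in the address changes the match. The function names are made up for this example.

```python
import ipaddress

MASK32 = 0xFFFFFFFF

def ip(text):
    return int(ipaddress.IPv4Address(text))

def dotted(value):
    return str(ipaddress.IPv4Address(value))

def summarize(entries):
    """Smallest single (address, wildcard) line matching every entry.
    entries: list of (address, wildcard) pairs as dotted strings."""
    base = ip(entries[0][0])
    wild = 0
    for addr, w in entries:
        # A bit becomes "don't care" if any entry ignores it or differs in it.
        wild |= ip(w) | (ip(addr) ^ base)
    return dotted(base & ~wild & MASK32), dotted(wild)

def matches(addr, base, wild):
    """Wildcard semantics: bits set to 1 in the wildcard are not compared."""
    return (ip(addr) ^ ip(base)) & ~ip(wild) & MASK32 == 0

def matched_count(wild):
    """Number of source addresses one line matches: 2^(don't-care bits)."""
    return 1 << bin(ip(wild)).count("1")

# Sources as listed in the post (x -> wildcard 0.0.0.255, host -> 0.0.0.0).
NETS = [("131.24.194.0", "0.0.0.255"), ("131.25.194.0", "0.0.0.255"),
        ("227.24.195.0", "0.0.0.255"), ("131.24.194.0", "0.0.0.255"),
        ("131.24.196.0", "0.0.0.255")]
HOST = [("135.152.1.1", "0.0.0.0")]

if __name__ == "__main__":
    for label, entries in (("all six", NETS + HOST), ("without host", NETS)):
        base, wild = summarize(entries)
        print(f"{label}: {base} {wild} matches {matched_count(wild)} addresses")
    # The value of a don't-care bit in the address does not change the match set.
    print(matches("227.24.195.9", "131.24.0.0", "100.129.199.255"),
          matches("227.24.195.9", "231.24.0.0", "100.129.199.255"))
```

The listed sources cover 1,025 addresses (four distinct /24s plus one host), so the counts printed for each single-line variant show how much unrelated address space that line would also deny.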

This archive was generated by hypermail 2.1.4 : Mon Nov 24 2003 - 07:53:02 GMT-3