From: pbubienczyk@szczesliwice.pl
Date: Fri Feb 06 2004 - 13:13:13 GMT-3
Scott
access-list will match 16384 networks if we write it in just one statement
104.0.0.0 23.59.55.0 (and among these 16384 there will be the 4 mentioned
below)
why can't 121.10.17.0 & 122.35.35.0 be summarized - in my opinion they can be -
it will produce 256 matching networks - you're right, the net should be 120.2.1.0
(instead of 112.2.1.0) and wildcard mask 3.41.50.0
the 2nd and 4th can also be summarized - and this summarization will produce 4
networks matching this ACL
please - correct me if I'm wrong
thank you for your help - pb
Quoting Scott Morris <swm@emanon.com>:
> Is overlapping 16,384 networks much better than overlapping 256 networks???
> (3 = 2 bits, 41 = 3 bits, 50 = 3 bits --> 8 bits total)
>
> 121.10.17.0
> 122.35.35.0
>
> Those two do not summarize together. But you have your mask/network wrong
> anyway...
>
> Even the nicely paired 2nd and 4th there still has 2 bits of difference
> total, meaning you'll get 4 matches to your mask!
> (111.16, 111.24, 127.16, 127.24)
>
> Either way though, you're hosed on those. But you're correct with your
> first statement... They can't be done in two lines!
>
> HTH,
>
>
> Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713, CISSP,
> JNCIS, et al.
> IPExpert CCIE Program Manager
> IPExpert Sr. Technical Instructor
> swm@emanon.com/smorris@ipexpert.net
> http://www.ipexpert.net
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> pbubienczyk@szczesliwice.pl
> Sent: Friday, February 06, 2004 4:47 AM
> To: richardyun@adelphia.net
> Cc: ccielab@groupstudy.com
> Subject: Re: Access List
>
> Hello
> There is no way to block ONLY these networks with 2 access-list
> statements.
> With overlapping networks you could write your access-list with one line
> (but it'll overlap 16384 networks) :
> permit 104.0.0.0 23.59.55.0 - if my manual calculations are correct :)
> or with two (summarizing 1st add with 3rd and 2nd with 4th) :
> permit 112.2.1.0 3.41.50.0
> permit 111.16.6.0 16.8.0.0
>
> there is a nice access-list white paper on internetworkexpert site
>
> hth - pb
>
> Quoting richardyun@adelphia.net:
>
> > Hello,
> >
> > How can I block the following networks from going out of a particular
> > interface (say serial 1 on a router) using just two lines for access-list ?
> >
> > 121.10.17.0
> > 127.24.6.0
> > 122.35.35.0
> > 111.16.6.0
> >
> > Thanks,
> >
> > Richard
> >
> > _______________________________________________________________________
> > Please help support GroupStudy by purchasing your study materials from:
> > http://shop.groupstudy.com
> >
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Fri Mar 05 2004 - 07:13:47 GMT-3
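
The wildcard arithmetic debated in this thread can be checked mechanically. The following Python is an added example, not part of any poster's message: it derives the tightest single base/wildcard pair for a set of networks, counts how many networks that entry matches, and lists the unintended ones. The function names `summarize` and `unintended` are made up for this illustration.

```python
from functools import reduce
from ipaddress import IPv4Address

# The four networks from the original question in this thread.
NETWORKS = ["121.10.17.0", "127.24.6.0", "122.35.35.0", "111.16.6.0"]


def summarize(networks):
    """Return (base, wildcard, match_count) for the tightest single ACL entry.

    Bits identical in every address stay fixed in the base; any bit that
    differs anywhere becomes a "don't care" (1) bit in the wildcard mask.
    """
    values = [int(IPv4Address(n)) for n in networks]
    common_ones = reduce(lambda a, b: a & b, values)   # 1 in every address
    any_ones = reduce(lambda a, b: a | b, values)      # 1 in at least one
    wildcard = common_ones ^ any_ones                  # bits that vary
    count = 2 ** bin(wildcard).count("1")              # all combinations match
    return str(IPv4Address(common_ones)), str(IPv4Address(wildcard)), count


def unintended(base, wildcard, wanted):
    """List every network the entry matches that is not in `wanted`."""
    w = int(IPv4Address(wildcard))
    b = int(IPv4Address(base)) & ~w & 0xFFFFFFFF
    wanted_set = {int(IPv4Address(n)) for n in wanted}
    found, sub = [], w
    while True:                       # walk every sub-mask of the wildcard
        if (b | sub) not in wanted_set:
            found.append(b | sub)
        if sub == 0:
            break
        sub = (sub - 1) & w
    return [str(IPv4Address(v)) for v in sorted(found)]


if __name__ == "__main__":
    print("all four :", summarize(NETWORKS))
    print("1st + 3rd:", summarize([NETWORKS[0], NETWORKS[2]]))
    pair = [NETWORKS[1], NETWORKS[3]]
    base, wc, n = summarize(pair)
    print("2nd + 4th:", base, wc, n, "extra:", unintended(base, wc, pair))
```

Any pairing whose wildcard has more set bits than log2 of the number of wanted networks over-matches, which is why an ACL built this way filters networks nobody listed.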