From: Joseph D. Phillips (jphillips@ufcwdrugtrust.org)
Date: Wed Mar 31 2004 - 21:32:28 GMT-3
Wow, cool. Thank you.
-----Original Message-----
From: Scott, Tyson C [mailto:tyson.scott@hp.com]
Sent: Wednesday, March 31, 2004 16:31
To: Scott, Tyson C; Joseph D. Phillips; Group Study (E-mail)
Subject: RE: Access list
Sorry, let me write that better:
Access-list 1 deny x.x.1.2 0.0.2.24
Access-list 1 permit any
Regards,
Tyson Scott
Agilent Problem Management Team
Managed Network Services
Phone: 313-583-5812
Pager: 877-997-0811
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Scott, Tyson C
Sent: Wednesday, March 31, 2004 7:27 PM
To: Joseph D. Phillips; Group Study (E-mail)
Subject: RE: Access list
Then here is your answer if only the specific networks.
In binary it looks like:
1 2 00000001 00000010
1 10 00000001 00001010
1 18 00000001 00010010
1 26 00000001 00011010
3 2 00000011 00000010
3 10 00000011 00001010
3 18 00000011 00010010
3 26 00000011 00011010
1.2 2.24
This will match and nothing more
The logic is to make the network statement the highest possible network
statement. Then the and/or logic is the bits 8 and 16. As you can see,
the listed subnets use every combination of bits 8 and 16.
Read the document again and again. It took me a while to understand it.
Regards,
Tyson Scott
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Joseph D. Phillips
Sent: Wednesday, March 31, 2004 7:08 PM
To: Group Study (E-mail)
Subject: Access list
Yeah, I read that first before posting. It doesn't help because it only
describes how to summarize two or more networks into one statement,
irrespective of which networks might also be affected.
I understand the concept of ANDing and XORing, but I don't know which
lines to group together.
-----Original Message-----
From: Scott, Tyson C [mailto:tyson.scott@hp.com]
Sent: Wednesday, March 31, 2004 16:05
To: Joseph D. Phillips
Subject: RE: Access list
http://www.internetworkexpert.com/resources/01700370.htm
Use this link. This is how I began to understand the concept.
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Joseph D. Phillips
Sent: Wednesday, March 31, 2004 6:52 PM
To: Group Study (E-mail)
Subject: Access list
I've spent the entire afternoon on a single access list and still can't
figure out the logic. I've looked up articles, and converted everything
to binary and still can't make sense of this.
Given the following networks (last two octets relevant), I need to block
them all in as few lines as possible. Some of you people can do this in
your heads. Simpletons like me, however, can't.
These are the networks:
1.2
1.10
1.18
1.26
3.2
3.10
3.18
3.26
In binary it looks like:
1 2 00000001 00000010
1 10 00000001 00001010
1 18 00000001 00010010
1 26 00000001 00011010
3 2 00000011 00000010
3 10 00000011 00001010
3 18 00000011 00010010
3 26 00000011 00011010
What do I do after that? I know how to summarize them all into one
statement, but I need specific deny statements that only apply to the
networks to be blocked and to none else.
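
The single-entry answer given in the thread, generalized as an added example that is not part of the original messages: AND all the addresses to get the base, XOR that with the OR of all addresses to get the wildcard, then enumerate everything the entry matches to confirm it denies nothing outside the list. Function names are hypothetical, and addresses are handled as (third, fourth) octet pairs because the thread leaves the first two octets as x.x.

```python
from itertools import product

# The eight networks from the thread, as (third octet, fourth octet) pairs.
NETWORKS = [(1, 2), (1, 10), (1, 18), (1, 26),
            (3, 2), (3, 10), (3, 18), (3, 26)]

def to_int(pair):
    """Pack (third, fourth) octets into one 16-bit integer."""
    return (pair[0] << 8) | pair[1]

def to_pair(value):
    """Unpack a 16-bit integer back into (third, fourth) octets."""
    return (value >> 8, value & 0xFF)

def single_entry(networks):
    """Return (base, wildcard) of the tightest single entry covering every network."""
    values = [to_int(n) for n in networks]
    all_and = all_or = values[0]
    for v in values[1:]:
        all_and &= v
        all_or |= v
    # Bits that are 1 in some address and 0 in another become "don't care".
    return to_pair(all_and), to_pair(all_and ^ all_or)

def matched_by(base, wildcard):
    """Enumerate every (third, fourth) pair the entry base/wildcard matches."""
    b, w = to_int(base), to_int(wildcard)
    free_bits = [1 << i for i in range(16) if w & (1 << i)]
    matched = set()
    for combo in product((0, 1), repeat=len(free_bits)):
        value = b
        for bit, on in zip(free_bits, combo):
            if on:
                value |= bit
        matched.add(to_pair(value))
    return matched

def overmatch(networks):
    """Networks the single entry would also deny but that are not in the list."""
    base, wildcard = single_entry(networks)
    return sorted(matched_by(base, wildcard) - set(networks))

if __name__ == "__main__":
    (b3, b4), (w3, w4) = single_entry(NETWORKS)
    print(f"access-list 1 deny x.x.{b3}.{b4} 0.0.{w3}.{w4}")
    print("extra networks matched:", overmatch(NETWORKS))
    # Constructed counter-case: drop 3.26 and the same entry now over-blocks.
    print("without 3.26, extra:", overmatch(NETWORKS[:-1]))
```

An empty over-match list means one line is enough; a non-empty list means the set has to be split into groups that each pass this check.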