RE: Access list

From: Scott Morris (swm@emanon.com)
Date: Wed Mar 31 2004 - 22:47:37 GMT-3

• Next message: Scott Morris: "RE: Access list"
• Previous message: Wright, Jeremy: "CBAC ACL"
• Maybe in reply to: Joseph D. Phillips: "Access list"
• Next in thread: Scott Morris: "RE: Access list"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

28 yeilds 3 bits of difference (16, 8 and 4 positions) while 2 is only 1
bit. So all told, that's 4 bits of difference.
2^4 is 16 last time I checked. So you would get 16 matches to that. There
are only 8 networks listed. So you need to figure out what is matched and
what is not.

x.0, x.4, x.8, x.12, x.16, x.20, x.24, x.28 would be your matches in the
second listed octet. Interestingly enough, they don't seem to match 2, 10,
18 and 26 listed. :)

Back to the old and/xor drawing board!

 
Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713, CISSP,
JNCIS, et al.
IPExpert CCIE Program Manager
IPExpert Sr. Technical Instructor
swm@emanon.com/smorris@ipexpert.net
http://www.ipexpert.net
 

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of R.
Adjakou/Home
Sent: Wednesday, March 31, 2004 7:13 PM
To: Joseph D. Phillips; Group Study (E-mail)
Subject: Re: Access list

access-list 1 deny x.x.1.0 0.0.2.28
access-list 1 permit any
or
access-list 1 deny x.x.1.28 0.0.2.28
access-list 1 permit any

For explanation read this paper
http://www.internetworkexpert.com/resources/01700370.htm

----- Original Message -----
From: "Joseph D. Phillips" <jphillips@ufcwdrugtrust.org>
To: "Group Study (E-mail)" <ccielab@groupstudy.com>
Sent: Wednesday, March 31, 2004 11:51 PM
Subject: Access list

> I've spent the entire afternoon on a single access list and still can't
figure out the logic. I've looked up articles, and converted everything to
binary and still can't make sense of this.
>
> Given the following networks (last two octets relevant), I need to block
them all in as few lines as possible. Some of you people can do this in your
heads. Simpletons like me, however, can't.
>
> These are the networks:
>
> 1.2
> 1.10
> 1.18
> 1.26
> 3.2
> 3.10
> 3.18
> 3.26
>
> In binary it looks like:
>
> 1 2 00000001 00000010
> 1 10 00000001 00001010
> 1 18 00000001 00010010
> 1 26 00000001 00011010
> 3 2 00000011 00000010
> 3 10 00000011 00001010
> 3 18 00000011 00010010
> 3 26 00000011 00011010
>
> What do I do after that? I know how to summarize them all into one
statement, but I need specific deny statements that only apply to the
networks to be blocked and to none else.
>
> _______________________________________________________________________
> Please help support GroupStudy by purchasing your study materials from:
> http://shop.groupstudy.com
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Scott Morris: "RE: Access list"
• Previous message: Wright, Jeremy: "CBAC ACL"
• Maybe in reply to: Joseph D. Phillips: "Access list"
• Next in thread: Scott Morris: "RE: Access list"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Apr 01 2004 - 08:15:50 GMT-3