From: Sam (samccie2004@yahoo.co.uk)
Date: Tue Apr 20 2004 - 15:12:55 GMT-3
Applying a logical XOR, would the below be correct?
1 0000 0001
2 0000 0010
3 0000 0011
8 0000 1000
-----------------
0000 1011
Resulting in 192.168.0.0 0.0.11.0. Is this correct?
Thanks
Sam
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
Scott Morris
Sent: 20 April 2004 16:51
To: 'Bayraktar, Ersoy'
Cc: ccielab@groupstudy.com
Subject: RE: access-list question
To permit no extra nets, the minimum number of statements would be three.
1.0 by itself, 2.0 with a mask of 0.0.1.0 (catching 2 and 3) and 8.0 by
itself.
You can also deny 0.0 individually, permit 0.0 with mask of 0.0.3.0
(catching 0 to 3) and 8.0 by itself.
Anything else would permit more networks. Always check the number of bits
set to 1 in your mask. 2^x yields the number of matches that your mask will
match.
HTH,
Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713, CISSP,
JNCIS, et al.
IPExpert CCIE Program Manager
IPExpert Sr. Technical Instructor
swm@emanon.com/smorris@ipexpert.net
http://www.ipexpert.net
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Bayraktar, Ersoy
Sent: Tuesday, April 20, 2004 9:38 AM
To: swm@emanon.com
Cc: ccielab@groupstudy.com
Subject: RE: access-list question
It is asking to use the minimum number of configuration statements.
-----Original Message-----
From: Scott Morris [mailto:swm@emanon.com]
Sent: Tuesday, April 20, 2004 5:31 PM
To: Bayraktar, Ersoy; ccielab@groupstudy.com
Subject: RE: access-list question
I just re-read your nets...
1.0 00000001
2.0 00000010
3.0 00000011
8.0 00001000
        ^ ^^
There are three bits of difference between these three. Three bits of
difference in the mask (2^3) will yield 8 matches to your ACL. So you can't
put them all in a single mask. You'll get too many extra networks coming
in. Watch the wording on your lab, but be specific.
Oftentimes you'll see "in as few routes as possible", but when you see that,
it doesn't mean to allow extra networks. If you were going to do that, just
permit 0.0.0.0 255.255.255.255, because that will certainly cover any of the
nets you have. :)
HTH,
Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713, CISSP,
JNCIS, et al.
IPExpert CCIE Program Manager
IPExpert Sr. Technical Instructor
swm@emanon.com/smorris@ipexpert.net
http://www.ipexpert.net
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Bayraktar, Ersoy
Sent: Tuesday, April 20, 2004 9:14 AM
To: ccielab@groupstudy.com
Subject: access-list question
Hi group,
How come the access-list 1 permit 192.168.4.0 0.0.3.0 means permit
192.168.1.0, 192.168.2.0, 192.168.3.0 and 192.168.8.0? I couldn't find a good
document for such subnetting.
Thanks
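
Added example, not part of the original thread: a Python sketch that enumerates every address a Cisco-style address/wildcard pair matches (2^x results for x wildcard bits set to 1) and audits the statements quoted in the messages above against the four wanted networks. The function and variable names are this example's own; the addresses and wildcards are the ones quoted in the thread.

```python
import ipaddress

def acl_matches(base, wildcard, max_free_bits=16):
    """Addresses matched by a Cisco-style 'base wildcard' pair (wildcard bit 1 = don't care)."""
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wildcard))
    free_bits = [i for i in range(32) if (w >> i) & 1]
    if len(free_bits) > max_free_bits:
        raise ValueError("wildcard too wide to enumerate")
    fixed = b & ~w  # bits under the wildcard are ignored, so clear them
    matches = []
    for n in range(1 << len(free_bits)):  # 2^x combinations for x wildcard bits
        addr = fixed
        for k, bit in enumerate(free_bits):
            if (n >> k) & 1:
                addr |= 1 << bit
        matches.append(str(ipaddress.IPv4Address(addr)))
    return matches  # ascending order

def audit(wanted, entries):
    """Return (extra, missing) for a list of permit entries against the wanted set."""
    permitted = set()
    for base, wildcard in entries:
        permitted.update(acl_matches(base, wildcard))
    key = ipaddress.IPv4Address
    return (sorted(permitted - set(wanted), key=key),
            sorted(set(wanted) - permitted, key=key))

# Networks and statements quoted in the thread.
WANTED = ["192.168.1.0", "192.168.2.0", "192.168.3.0", "192.168.8.0"]
CANDIDATES = {
    "192.168.4.0 0.0.3.0 (original question)": [("192.168.4.0", "0.0.3.0")],
    "192.168.0.0 0.0.11.0 (XOR-derived mask)": [("192.168.0.0", "0.0.11.0")],
    "three statements": [("192.168.1.0", "0.0.0.0"),
                         ("192.168.2.0", "0.0.1.0"),
                         ("192.168.8.0", "0.0.0.0")],
}

if __name__ == "__main__":
    for label, entries in CANDIDATES.items():
        extra, missing = audit(WANTED, entries)
        print(f"{label}: extra={extra} missing={missing}")
```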