RE: Access-list clarification

From: Kian Wah, Lai (kian_wah@qala.com.sg)
Date: Tue Oct 19 2004 - 03:42:26 GMT-3

• Next message: Geert Nijs: "RE: EIGRP K-Value Mismatch"
• Previous message: Danny Ng: "EIGRP K-Value Mismatch"
• Maybe in reply to: Cisco Net: "Access-list clarification"
• Next in thread: Carlos G Mendioroz: "Re: Access-list clarification"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

145.0.0.0 0.255.0.0 will match 145.0.0.0/8 as well.

Assuming you have
145.0.0.0/8
145.0.0.0/16
145.1.0.0/16 - 145.3.0.0/16
In your routing table and you want to match
145.0.0.0/16
145.1.0.0/16 - 145.3.0.0/16

And deny
145.0.0.0/8

I would use
Access-list 100 deny ip host 145.0.0.0 host 255.0.0.0
-> deny the /8
Access-list 100 permit ip 145.0.0.0 0.3.0.0 any
-> permit the rest

ACL needs lots of practice :)

Regards,
Kian Wah
Singapore Cisco User Group
http://www.sgcug.org

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Nico
van Niekerk
Sent: Tuesday, October 19, 2004 2:11 PM
To: CCIELAB
Subject: RE: Access-list clarification

Try 145.0.0.0 0.255.0.0
The wildcard is not the same as a network mask, they have nothing in common,
I think that's where your confusion lies.

> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
> Cisco Net
> Sent: Tuesday, 19 October 2004 3:37 PM
> To: Nico van Niekerk
> Cc: Group Study
> Subject: Re: Access-list clarification
>
>
> Mmmm
> 145.0.0.0 /8 will match anything above /8 subnet.. like /9, /10, /11 etc
>
> I want to match only 145.x.0.0/16... Ex 145.1.0.0/16, 145.2.0.0/16 etc
> But not 145.0.0.0/8...
> It should be /16 for sure...
> Regards
> Cert
>
>
> On Tue, 19 Oct 2004 15:16:58 +1000, Nico van Niekerk
> <nico@vanniekerk.co.za> wrote:
> > 145.x.0.0/16 with x being any number is the same as saying 145.0.0.0/8
> > Once you specify 'any' number in second octet with a /16 mask you're
> > actually specifying a mask of /8.
> >
> >
> >
> >
> > > -----Original Message-----
> > > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
> > > Cisco Net
> > > Sent: Tuesday, 19 October 2004 2:31 PM
> > > To: Group Study
> > > Subject: Access-list clarification
> > >
> > >
> > > Hi
> > > How to write an acl for the following,
> > > 145.X.0.0 /16 where as second octet can be any number
> > >
> > > Got confused..
> > >
> > > 145.0.0.0 0.255.255.255 will not match the mask.
> > >
> > > Is it,
> > >
> > > 145.0.0.0 0.255.255.255 host 255.255.0.0 ???
> > >
> > > Please clarify....
> > > Regards
> > > Cert
> > >
> > >
> _______________________________________________________________________
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Geert Nijs: "RE: EIGRP K-Value Mismatch"
• Previous message: Danny Ng: "EIGRP K-Value Mismatch"
• Maybe in reply to: Cisco Net: "Access-list clarification"
• Next in thread: Carlos G Mendioroz: "Re: Access-list clarification"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Nov 06 2004 - 17:11:49 GMT-3