From: T. N. Noble (noble@inserviceindia.com)
Date: Wed Jun 08 2005 - 02:44:16 GMT-3
I have a different understanding of your question. "DENY ANYTHING WITH ODD
3rd OCTET" may be looked at based on the provided networks / all networks.
If it is based on the provided network, then I believe that the ACL
"access-list 1 deny 30.1.0.0 0.0.1.255" is more correct.
Further if it is looked up on based on all the networks then the ACL "deny
30.1.0.0 0.0.1.0" may be correct.
I may be wrong but was trying to put my interpretation of your question.
Thanks,
Noble
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of John
Matus
Sent: 08 June 2005 07:57
To: ccielab@groupstudy.com
Subject: route filtering with wild-card mask
ok,
you have networks 30.1.1.0 and 30.1.2.0. you want to deny anything with
an odd 3rd octed
now, i alway thought that you the access-list should be:
access-list 1 deny 30.1.0.0 0.0.1.255 since you are matching anything
with the last bit set to 1,
or
to deny any thing even you should use:
access-list 1 deny 30.1.0.0 0.0.255.255 since only numbers with the least
significant bit set to zero are even................but lately when i've
been configuring offset-lists my findings have been just the opposite as
anticipated....
it this correct?
as a side note, in the 1st example you can actually use "deny 30.1.0.0
0.0.1.0" yeah? since you don't need to match the 1, 2, or 4th bit <?>
just trying to get my fact nailed down!
tia
This archive was generated by hypermail 2.1.4 : Wed Jul 06 2005 - 14:43:41 GMT-3