From: Keane, James (James.Keane@agriculture.gov.ie)
Date: Thu Nov 03 2005 - 10:25:16 GMT-3
For a start, you have entered an illegal access-list.
Look what happens when you type it:
the router kindly corrects the error.
XXX(config)#access-list 19 permit 100.100.1.0 0.0.3.255
XXX(config)#end
XXX#sho access-list
Standard IP access list 19
10 permit 100.100.0.0, wildcard bits 0.0.3.255
So let's presume you are talking about networks and routes.
It's:
access-list 10 deny 100.100.0.0 0.0.0.0
access-list 10 deny 100.100.3.0 0.0.0.0
access-list 10 permit 100.100.0.0 0.0.3.0
But it's shorter not to use masks at all:
access-list 10 permit 100.100.1.0 0.0.0.0
access-list 10 permit 100.100.2.0 0.0.0.0
YES, there is a difference in making the last a wildcard:
access-list 10 permit 100.100.0.0 0.0.3.255
allows 100.100.1.0/30, 100.100.1.3/30, 100.100.1.6/30 etc.
I don't have my maths cap on, but it's allowing in several hundred extra routes when you were just asked to allow in 2.
Regards
James
-----Original Message-----
From: Desmond Ong [mailto:desmond.gk@netstarnetworks.com]
Sent: 03 November 2005 13:11
To: FORUM
Subject: access-list
Hi there,
If I were asked to permit only 100.100.1.0/24 and 100.100.2.0/24 into the network,
my access list will be 100.100.1.0 0.0.3.255 or will it be
100.100.1.0 0.0.3.0? Is there any difference?
Tks!
Desmond
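
Added example (not part of the original thread): a small Python model of standard access-list matching, run over the three lists quoted in the reply above. The function names and the 100.100.0.0/20 test block are constructed for illustration; it assumes first-match evaluation with an implicit deny at the end.

```python
import ipaddress

def ip(s):
    """Dotted quad -> 32-bit integer."""
    return int(ipaddress.IPv4Address(s))

def normalize(addr, wildcard):
    """Clear the don't-care bits, as the router does when it stores an entry."""
    return str(ipaddress.IPv4Address(ip(addr) & ~ip(wildcard) & 0xFFFFFFFF))

def entry_matches(addr, base, wildcard):
    """True when addr equals base in every bit the wildcard does not cover."""
    care = ~ip(wildcard) & 0xFFFFFFFF
    return ((ip(addr) ^ ip(base)) & care) == 0

def evaluate(acl, addr):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, base, wildcard in acl:
        if entry_matches(addr, base, wildcard):
            return action
    return "deny"

def permitted(acl, block="100.100.0.0/20"):
    """Addresses in the (constructed) test block that the ACL permits."""
    return [str(a) for a in ipaddress.ip_network(block)
            if evaluate(acl, str(a)) == "permit"]

# The three lists from the thread, as (action, address, wildcard) tuples.
ACL_MASKED = [("deny", "100.100.0.0", "0.0.0.0"),
              ("deny", "100.100.3.0", "0.0.0.0"),
              ("permit", "100.100.0.0", "0.0.3.0")]
ACL_EXACT = [("permit", "100.100.1.0", "0.0.0.0"),
             ("permit", "100.100.2.0", "0.0.0.0")]
ACL_WIDE = [("permit", "100.100.0.0", "0.0.3.255")]

if __name__ == "__main__":
    # Same correction the router makes to "100.100.1.0 0.0.3.255".
    print("stored as:", normalize("100.100.1.0", "0.0.3.255"))
    for name, acl in (("masked", ACL_MASKED), ("exact", ACL_EXACT),
                      ("wide", ACL_WIDE)):
        hits = permitted(acl)
        print(f"{name}: {len(hits)} addresses permitted, first few {hits[:3]}")
```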