From: Desmond Ong (desmond.gk@netstarnetworks.com)
Date: Thu Nov 03 2005 - 10:38:36 GMT-3
Hi Kean,
Tks. meaning, if i put wildcard mask 0.0.3.0 it will only allow /24 route
specifically. if i put 0.0.3.255, that meaning i am also permiting the rest
of the other subnet within 100.100.1.0 and 100.100.2.0
Cheers!
Desmond
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
Keane, James
Sent: Thursday, November 03, 2005 9:25 PM
To: Desmond Ong; FORUM
Subject: RE: access-list
For a start you have entered an illegal access-list
look what happens when you type it ..
the router kindly corrects the error
XXX(config)#access-list 19 permit 100.100.1.0 0.0.3.255
XXX(config)#end
XXX#sho access-list
Standard IP access list 19
10 permit 100.100.0.0, wildcard bits 0.0.3.255
So lets presume you are talking about networks and routes
its
access-list 10 deny 100.100.0.0 0.0.0.0
access-list 10 deny 100.100.3.0 0.0.0.0
access-list 10 permit 100.100.0.0 0.0.3.0
but it's shorter not to use masks at all ..
access-list 10 permit 100.100.1.0 0.0.0.0
access-list 10 permit 100.100.2.0 0.0.0.0
YES their is a difference in making the last a wildcard
access-list 10 permit 100.100.0.0 0.0.3.255
allows 100.100.1.0/30, 100.100.1.3/30, 100.100.1.6/30 etc ..
I dont have my maths cap on but its allowing in several hundred extra
routes, when you were just asked to allow in 2.
Regards
James
-----Original Message-----
From: Desmond Ong [mailto:desmond.gk@netstarnetworks.com]
Sent: 03 November 2005 13:11
To: FORUM
Subject: access-list
Hi there,
if i were asked to permit only 100.100.1.0/24 and 100.100.2.0/24 into the
network,
my access list will be 100.100.1.0 0.0.3.255 or will it be
100.100.1.0 0.0.3.0 ??? is there any difference?
Tks!
Desmond
This archive was generated by hypermail 2.1.4 : Thu Dec 01 2005 - 09:12:05 GMT-3