From: Schulz, Dave (DSchulz@dpsciences.com)
Date: Thu Nov 03 2005 - 12:47:41 GMT-3
If you are trying to match the .1 and .2 network, then remember that a
"1" in the mask means "don't care" and the "0" means to match what is
specified in the address. So, if you do:
Access-list 10 permit 100.100.0.0 0.0.3.255
This should match everything in the ....
100.100.1.0 network
100.100.2.0 network
100.100.3.0 network
So, if you don't want the .3 network, I would say that you would have to
do this:
Access-list 10 deny 100.100.3.0 0.0.0.255
Access-list 10 permit 100.100.0.0 0.0.3.255
Correct?
Dave Schulz,
Email: dschulz@dpsciences.com
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Desmond Ong
Sent: Thursday, November 03, 2005 8:39 AM
To: Keane, James; FORUM
Subject: RE: access-list
Hi Kean,
Tks. Meaning, if I put wildcard mask 0.0.3.0 it will only allow the /24
route specifically. If I put 0.0.3.255, that means I am also permitting the
rest of the other subnets within 100.100.1.0 and 100.100.2.0
Cheers!
Desmond
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
Keane, James
Sent: Thursday, November 03, 2005 9:25 PM
To: Desmond Ong; FORUM
Subject: RE: access-list
For a start, you have entered an illegal access-list.
Look what happens when you type it;
the router kindly corrects the error:
XXX(config)#access-list 19 permit 100.100.1.0 0.0.3.255
XXX(config)#end
XXX#sho access-list
Standard IP access list 19
10 permit 100.100.0.0, wildcard bits 0.0.3.255
So let's presume you are talking about networks and routes;
it's:
access-list 10 deny 100.100.0.0 0.0.0.0
access-list 10 deny 100.100.3.0 0.0.0.0
access-list 10 permit 100.100.0.0 0.0.3.0
but it's shorter not to use masks at all ..
access-list 10 permit 100.100.1.0 0.0.0.0
access-list 10 permit 100.100.2.0 0.0.0.0
YES, there is a difference in making the last a wildcard
access-list 10 permit 100.100.0.0 0.0.3.255
allows 100.100.1.0/30, 100.100.1.3/30, 100.100.1.6/30 etc ..
I don't have my maths cap on, but it's allowing in several hundred extra
routes, when you were just asked to allow in 2.
Regards
James
-----Original Message-----
From: Desmond Ong [mailto:desmond.gk@netstarnetworks.com]
Sent: 03 November 2005 13:11
To: FORUM
Subject: access-list
Hi there,
If I were asked to permit only 100.100.1.0/24 and 100.100.2.0/24 into
the network, will my access list be 100.100.1.0 0.0.3.255 or will it be
100.100.1.0 0.0.3.0? Is there any difference?
Tks!
Desmond
This archive was generated by hypermail 2.1.4 : Thu Dec 01 2005 - 09:12:05 GMT-3
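
The access lists quoted in the thread, evaluated side by side. This is an added example, not code from any of the posters: it assumes the list is used as a route filter, so each candidate is a route's network address, and the candidate list and the helper names (parse_acl, evaluate, permitted, addresses_matched) are constructed for illustration.

```python
import ipaddress

MASK32 = 0xFFFFFFFF

def ip(text):
    return int(ipaddress.IPv4Address(text))

def parse_acl(config):
    """Parse 'access-list N permit|deny ADDRESS WILDCARD' lines, in order."""
    entries = []
    for line in config.strip().splitlines():
        _keyword, _number, action, address, wildcard = line.split()
        care = ~ip(wildcard) & MASK32   # bits that must match (wildcard bit 0)
        # Clear the don't-care bits, as the router did in the thread when it
        # stored 100.100.1.0 0.0.3.255 as 100.100.0.0, wildcard bits 0.0.3.255.
        entries.append((action.lower(), ip(address) & care, care))
    return entries

def evaluate(entries, address):
    """First matching entry wins; no match means the implicit deny."""
    for action, base, care in entries:
        if (ip(address) & care) == base:
            return action
    return "deny"

def permitted(config, candidates):
    entries = parse_acl(config)
    return [c for c in candidates if evaluate(entries, c) == "permit"]

def addresses_matched(wildcard):
    """Each wildcard 1 bit doubles the number of addresses an entry matches."""
    return 2 ** bin(ip(wildcard)).count("1")

# Access lists quoted in the thread.
ACLS = {
    "0.0.3.255": "access-list 10 permit 100.100.1.0 0.0.3.255",
    "0.0.3.0": "access-list 10 permit 100.100.1.0 0.0.3.0",
    "deny .3 then 0.0.3.255": "Access-list 10 deny 100.100.3.0 0.0.0.255\n"
                              "Access-list 10 permit 100.100.0.0 0.0.3.255",
    "deny .0/.3 then 0.0.3.0": "access-list 10 deny 100.100.0.0 0.0.0.0\n"
                               "access-list 10 deny 100.100.3.0 0.0.0.0\n"
                               "access-list 10 permit 100.100.0.0 0.0.3.0",
    "two host entries": "access-list 10 permit 100.100.1.0 0.0.0.0\n"
                        "access-list 10 permit 100.100.2.0 0.0.0.0",
}
# Constructed test values: network addresses of routes the filter might see.
CANDIDATES = ["100.100.0.0", "100.100.1.0", "100.100.1.4", "100.100.2.0",
              "100.100.3.0", "100.100.4.0"]

if __name__ == "__main__":
    for name, config in ACLS.items():
        print(f"{name:24} -> {permitted(config, CANDIDATES)}")
```

Only the three-line list and the two host entries permit exactly 100.100.1.0 and 100.100.2.0 from the candidates; the single-line forms also let 100.100.0.0 and 100.100.3.0 through.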