From: Schulz, Dave (DSchulz@dpsciences.com)
Date: Thu Nov 03 2005 - 14:23:07 GMT-3
Yes, it does. Thanks, James.
Dave Schulz,
Email: dschulz@dpsciences.com
-----Original Message-----
From: Keane, James [mailto:James.Keane@agriculture.gov.ie]
Sent: Thursday, November 03, 2005 11:41 AM
To: Schulz, Dave; Desmond Ong; FORUM
Subject: RE: access-list
not quite !
Access-list 10 permit 100.100.0.0 0.0.3.0
actually matches 4 networks ..
0.0.3.0 = 0.0. 00000011 .0
as you pointed out 1 means don't care (1 or 0)
so matches are
0.0. 00000000 .0
0.0. 00000001 .0
0.0. 00000010 .0
0.0. 00000011 .0
matching
100.100.0.0
100.100.1.0
100.100.2.0
100.100.3.0
is that clearer or am I making things worse ?
-----Original Message-----
From: Schulz, Dave [mailto:DSchulz@dpsciences.com]
Sent: 03 November 2005 15:48
To: Desmond Ong; Keane, James; FORUM
Subject: RE: access-list
If you are trying to match the .1 and .2 network, then remember that a
"1" in the mask means "don't care" and the "0" means to match what is
specified in the address. So, if you do:
Access-list 10 permit 100.100.0.0 0.0.3.255
This should match everything in the ....
100.100.1.0 network
100.100.2.0 network
100.100.3.0 network
So, if you don't want the .3 network, I would say that you would have to
do this:
Access-list 10 deny 100.100.3.0 0.0.0.255
Access-list 10 permit 100.100.0.0 0.0.3.255
Correct?
Dave Schulz,
Email: dschulz@dpsciences.com
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Desmond Ong
Sent: Thursday, November 03, 2005 8:39 AM
To: Keane, James; FORUM
Subject: RE: access-list
Hi Kean,
Tks. meaning, if i put wildcard mask 0.0.3.0 it will only allow /24 route
specifically. if i put 0.0.3.255, that meaning i am also permitting the rest
of the other subnet within 100.100.1.0 and 100.100.2.0
Cheers!
Desmond
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Keane, James
Sent: Thursday, November 03, 2005 9:25 PM
To: Desmond Ong; FORUM
Subject: RE: access-list
For a start you have entered an illegal access-list
look what happens when you type it ..
the router kindly corrects the error
XXX(config)#access-list 19 permit 100.100.1.0 0.0.3.255
XXX(config)#end
XXX#sho access-list
Standard IP access list 19
10 permit 100.100.0.0, wildcard bits 0.0.3.255
So let's presume you are talking about networks and routes
it's
access-list 10 deny 100.100.0.0 0.0.0.0
access-list 10 deny 100.100.3.0 0.0.0.0
access-list 10 permit 100.100.0.0 0.0.3.0
but it's shorter not to use masks at all ..
access-list 10 permit 100.100.1.0 0.0.0.0
access-list 10 permit 100.100.2.0 0.0.0.0
YES there is a difference in making the last a wildcard
access-list 10 permit 100.100.0.0 0.0.3.255
allows 100.100.1.0/30, 100.100.1.3/30, 100.100.1.6/30 etc ..
I don't have my maths cap on but it's allowing in several hundred extra
routes, when you were just asked to allow in 2.
Regards
James
-----Original Message-----
From: Desmond Ong [mailto:desmond.gk@netstarnetworks.com]
Sent: 03 November 2005 13:11
To: FORUM
Subject: access-list
Hi there,
if i were asked to permit only 100.100.1.0/24 and 100.100.2.0/24 into the network,
my access list will be 100.100.1.0 0.0.3.255 or will it be
100.100.1.0 0.0.3.0 ??? is there any difference?
Tks!
Desmond
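
The wildcard matching discussed in this thread, as an added example that is not part of any poster's message: a small evaluator for standard access-list entries, run over the ACLs quoted above. It assumes the value being tested is the network address of a route (a standard ACL used as a route filter); the helper names and the ROUTES sample are constructed for illustration.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def normalize(addr, wildcard):
    """Clear the don't-care bits, as the router does when it stores the entry."""
    return str(ipaddress.IPv4Address(ip(addr) & ~ip(wildcard) & 0xFFFFFFFF))

def ace_matches(addr, wildcard, candidate):
    """True when candidate equals addr in every bit where the wildcard is 0."""
    care = ~ip(wildcard) & 0xFFFFFFFF
    return (ip(candidate) & care) == (ip(addr) & care)

def acl_permits(acl, candidate):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, addr, wildcard in acl:
        if ace_matches(addr, wildcard, candidate):
            return action == "permit"
    return False

def match_count(wildcard):
    """Distinct addresses one entry can match: 2 ** (number of 1 bits)."""
    return 2 ** bin(ip(wildcard)).count("1")

# ACLs as posted in the thread
ACL_THREE_LINE = [("deny", "100.100.0.0", "0.0.0.0"),
                  ("deny", "100.100.3.0", "0.0.0.0"),
                  ("permit", "100.100.0.0", "0.0.3.0")]
ACL_TWO_LINE = [("permit", "100.100.1.0", "0.0.0.0"),
                ("permit", "100.100.2.0", "0.0.0.0")]
ACL_WIDE = [("permit", "100.100.0.0", "0.0.3.255")]

# Constructed sample of route network addresses (assumption, not from the thread)
ROUTES = ["100.100.0.0", "100.100.1.0", "100.100.2.0", "100.100.3.0",
          "100.100.1.4", "100.100.2.128", "100.100.4.0"]

def permitted(acl):
    return [r for r in ROUTES if acl_permits(acl, r)]

if __name__ == "__main__":
    print(normalize("100.100.1.0", "0.0.3.255"))
    for name, acl in [("three-line", ACL_THREE_LINE), ("two-line", ACL_TWO_LINE), ("wide", ACL_WIDE)]:
        print(name, permitted(acl))
    print(match_count("0.0.3.0"), match_count("0.0.3.255"))
```
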
This archive was generated by hypermail 2.1.4 : Thu Dec 01 2005 - 09:12:05 GMT-3