From: Pierre-Alex (paguanel@hotmail.com)
Date: Fri Nov 25 2005 - 16:54:53 GMT-3
If you cannot use prefix-list you can use an extended access-list:
access-list 100 permit 100.100.1.0 0.3.255 255.255.255.0 0.0.0.0
access-list 100 permit 100.100.2.0 0.3.255 255.255.255.0 0.0.0.0
Please note that trying to summurize both. .1 and .2 networks end up
creating more entries because you automatically get the
0 and .3 networks:
access-list 100 deny 100.100.0.0 0.0.0.0 255.255.255.0 0.0.0.0
access-list 100 deny 100.100.3.0 0.0.0.0 255.255.255.0 0.0.0.0
access-list 100 permit 100.100.0.0 0.3.255 255.255.255.0 0.0.0.0
NB: in an extended acl, the first part of the acl, matches the network the
networks (100.100.0.0 0.3.255 ) ,
the second part matches the mask.
Cheers
Pierre
----- Original Message -----
From: "Desmond Ong" <desmond.gk@netstarnetworks.com>
To: "FORUM" <ccielab@groupstudy.com>
Sent: Thursday, November 03, 2005 2:10 PM
Subject: access-list
> Hi there,
>
> if i were asked to permit only 100.100.1.0/24 and 100.100.2.0/24 into the
> network,
>
> my access list will be 100.100.1.0 0.0.3.255 or will it be
> 100.100.1.0 0.0.3.0 ??? is there any difference?
>
> Tks!
>
> Desmond
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Thu Dec 01 2005 - 09:12:07 GMT-3