From: Leo Leung (leoleung_yh@yahoo.com)
Date: Thu May 18 2006 - 14:25:06 ART
Hi,
If asked to have a one-line ACL, permit 192.168.8.0 0.0.7.255 will include that 6 /24 blocks; if you want to keep only even numbered blocks, you should use permit 192.168.8.0 0.0.6.255. The difference is the last bit of the third octet is 0 (00000110) to match even number, whereas 1 means "don't care", as previous 7 (00000111) includes both even and odd number blocks. If you use deny first then permit, that would consider 2 lines of ACL, why just use permit whatever is asked in one line and let implicit deny take care of the rest.
Leo
san <san.study@gmail.com> wrote:
Andy,
Yes, Deny followed by Permit should work for your case.
But there is a probable mistake in your deny statement. I think it should
be like below
deny 192.168.9.0 0.0.6.255 (haven't tried this, could work).
or
deny 192.168.1.0 0.0.254.255
On 5/18/06, Andy Irving wrote:
>
> OK I get the AND and XOR stages in calculating the wildcard, taking it a
> step further say I had to work out a single line for:
>
> 192.168.10.0
> 192.168.11.0
> 192.168.12.0
> 192.168.13.0
> 192.168.14.0
> 192.168.15.0
>
> I would use 192.168.8.0 0.0.7.0, what if I just wanted to match the even
> numbered addresses?
>
> Would I have to deny 192.168.8.0 0.0.1.0 then permit 192.168.8.0
> 0.0.7.0?
> (theory being that any bit in the 1 position makes the number odd -
> right?), therefore all you are left with is the even numbered networks.
>
> Thanks
>
> Andy
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
-- Thanks & Rgds SAN
This archive was generated by hypermail 2.1.4 : Thu Jun 01 2006 - 06:33:21 ART
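The wildcard entries discussed in this thread can be checked mechanically. The following is an added example, not part of the original messages: it applies wildcard-mask matching with first-match-wins and implicit deny, then lists which 192.168.X.0/24 blocks each ACL permits. The function names, the `.1` probe host, and the `permit 192.168.8.0 0.0.7.255` line paired with san's deny statements are assumptions made for the illustration.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Wildcard-mask match: a 1 bit in the wildcard means "don't care"."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)

def evaluate(acl, addr):
    """First matching entry wins; falling off the end is the implicit deny."""
    for action, base, wildcard in acl:
        if wildcard_match(addr, base, wildcard):
            return action
    return "deny"

def permitted_third_octets(acl, host=1):
    """Third octets X for which 192.168.X.<host> is permitted (host is a probe value)."""
    return [x for x in range(256)
            if evaluate(acl, f"192.168.{x}.{host}") == "permit"]

# ACLs taken from the thread (the permit line in the two-line forms is an assumption).
ACLS = {
    "one line, 0.0.7.255": [("permit", "192.168.8.0", "0.0.7.255")],
    "one line, 0.0.6.255": [("permit", "192.168.8.0", "0.0.6.255")],
    "deny 9.0/0.0.6.255 then permit": [
        ("deny", "192.168.9.0", "0.0.6.255"),
        ("permit", "192.168.8.0", "0.0.7.255"),
    ],
    "deny 1.0/0.0.254.255 then permit": [
        ("deny", "192.168.1.0", "0.0.254.255"),
        ("permit", "192.168.8.0", "0.0.7.255"),
    ],
}

if __name__ == "__main__":
    for name, acl in ACLS.items():
        # 0.0.7.255 covers 8-15, so it also admits 8 and 9, not only 10-15.
        print(f"{name:34s} -> {permitted_third_octets(acl)}")
```

The output shows the exact coverage of each entry, including blocks outside the six networks in the question that a wildcard also admits.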