RE: Most efficient ACL to match multiple networks - easier way?

From: Faryar Zabihi \(fzabihi\) (fzabihi@cisco.com)
Date: Sun Jun 04 2006 - 14:54:41 ART

• Next message: Elias Chari: "Re: Most efficient ACL to match multiple networks - easier way?"
• Previous message: Daniel Free: "R&S CCIE Written - 350-001"
• Maybe in reply to: elias.chari@gmail.com: "Most efficient ACL to match multiple networks - easier way?"
• Next in thread: Elias Chari: "Re: Most efficient ACL to match multiple networks - easier way?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Way too complicated. Just think about the networks you need to include.
See what octets you need to work on. Then just wildcard is the
difference in that octet(from first network to last). Make sure you can
actually use one statement to do this. Sometime you would need to
blocks. Take the mcast range for example. How can you include all in
one ACL?
I have never run across too complicated of a scenario for this not to
work, but you can definitely get an ugly one. Just make sure you think
about it. Bit manipulation can be a biotch and time consuming as you
pointed out.
This probably doesn't make sense..but it has worked for me
everytime...well I did fail the lab but I don't think it was ACLS

 Faryar

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
elias.chari@gmail.com
Sent: Sunday, June 04, 2006 12:29 PM
To: ccielab@groupstudy.com
Subject: Most efficient ACL to match multiple networks - easier way?

Hi Group,

I guess you have all come across a requirement to match multiple
networks with a one line ACL.

I understand the theory i.e AND operation to get the network part and
X-OR for the wildcard. Now writting out all the networks in binary and
doing the operations is time consuming and quite easy to make a mistake
when under pressure.

I have tried to work it out using the AND and X-OR functions on the MS
calculator and whilst it woks ok for the AND operation for multiple
networks, it fails on the X-OR function as it does a comparison of two
networks at at time.

Has anybody worked out how to get the calculator to compare multiple
numbers using the X-OR function?

BTW it works for AND when using the networks in decimal format...-)

If we crack this, it could potentially save us quite a bit of time.

Regards,
Elias
PS - The equation for an X-OR gate (for those not familiar with it and
may be interested) is:
          __
Y = (A+B)(AB)

• Next message: Elias Chari: "Re: Most efficient ACL to match multiple networks - easier way?"
• Previous message: Daniel Free: "R&S CCIE Written - 350-001"
• Maybe in reply to: elias.chari@gmail.com: "Most efficient ACL to match multiple networks - easier way?"
• Next in thread: Elias Chari: "Re: Most efficient ACL to match multiple networks - easier way?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Jul 01 2006 - 07:57:31 ART