From: PhiL (theccie@gmail.com)
Date: Sun Jun 04 2006 - 16:13:17 ART
Actually,
In your Example 1 you are allowing third octets from 0 to 7 and this is more
than the 2 subnets (54.1.1.0 and 150.1.6.0) you want to filter. In this case
you would not use 1 line for both but you would need one entry for each of
the networks. Also, your last octet wildcard should be 255 instead of 0 to
allow/deny all the hosts (assuming the 2 original subnets are /24).
On 6/4/06, Elias Chari <elias.chari@gmail.com> wrote:
>
> Faryar,
>
> It is not meant to solve all your acl scenarios, but if you get 3 or 4
> networks then it can get messy using binary. My brain works better in
> decimal...-)
>
> In any case I worked it out using only decimal numbers, as per my previous
> post.
>
> Regards,
> Elias
>
>
> On 6/4/06, Faryar Zabihi (fzabihi) <fzabihi@cisco.com> wrote:
> >
> > Way too complicated. Just think about the networks you need to include.
> > See what octets you need to work on. Then just wildcard is the
> > difference in that octet (from first network to last). Make sure you can
> > actually use one statement to do this. Sometimes you would need two
> > blocks. Take the mcast range for example. How can you include all in
> > one ACL?
> > I have never run across too complicated of a scenario for this not to
> > work, but you can definitely get an ugly one. Just make sure you think
> > about it. Bit manipulation can be a biotch and time consuming as you
> > pointed out.
> > This probably doesn't make sense..but it has worked for me
> > every time...well I did fail the lab but I don't think it was ACLS
> >
> > Faryar
> >
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> > elias.chari@gmail.com
> > Sent: Sunday, June 04, 2006 12:29 PM
> > To: ccielab@groupstudy.com
> > Subject: Most efficient ACL to match multiple networks - easier way?
> >
> > Hi Group,
> >
> > I guess you have all come across a requirement to match multiple
> > networks with a one line ACL.
> >
> > I understand the theory, i.e. AND operation to get the network part and
> > X-OR for the wildcard. Now writing out all the networks in binary and
> > doing the operations is time consuming and quite easy to make a mistake
> > when under pressure.
> >
> > I have tried to work it out using the AND and X-OR functions on the MS
> > calculator and whilst it works ok for the AND operation for multiple
> > networks, it fails on the X-OR function as it does a comparison of two
> > networks at a time.
> >
> > Has anybody worked out how to get the calculator to compare multiple
> > numbers using the X-OR function?
> >
> > BTW it works for AND when using the networks in decimal format...-)
> >
> > If we crack this, it could potentially save us quite a bit of time.
> >
> > Regards,
> > Elias
> > PS - The equation for an X-OR gate (for those not familiar with it and
> > may be interested) is:
> > $Y = (A+B)\,\overline{(AB)}$
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
--
Regards,
PhiL
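
The check discussed in this thread, as an added example that is not code from any of the posters: it builds the one-line address/wildcard pair for a list of networks and counts how many addresses that pair really matches, so an over-broad entry like the 54.1.1.0 / 150.1.6.0 case is caught. The function names and the 10.1.x.0 networks in the test are constructed for illustration, and /24 prefixes are assumed as in the message above. The multi-network "X-OR" is computed as (AND of all) XOR (OR of all), which needs only two-operand operations.

```python
import ipaddress
from functools import reduce


def _dotted(value):
    """Render a 32-bit integer as a dotted-quad string."""
    return str(ipaddress.IPv4Address(value))


def one_line_acl(networks):
    """Return (address, wildcard, matched, exact) for a single ACL entry.

    matched is the number of addresses the entry matches; exact is True only
    when that equals the number of addresses in the requested networks.
    """
    nets = [ipaddress.ip_network(n) for n in networks]
    addrs = [int(n.network_address) for n in nets]
    and_all = reduce(lambda a, b: a & b, addrs)
    or_all = reduce(lambda a, b: a | b, addrs)
    # Host bits of each network are always "don't care" (0.0.0.255 for a /24).
    host_bits = reduce(lambda a, b: a | b, (int(n.hostmask) for n in nets))
    # A bit differs somewhere in the list iff it is set in OR but not in AND.
    wildcard = (and_all ^ or_all) | host_bits
    address = and_all & ~wildcard & 0xFFFFFFFF
    # Every wildcard bit doubles the number of matching addresses.
    matched = 1 << bin(wildcard).count("1")
    wanted = sum(n.num_addresses for n in ipaddress.collapse_addresses(nets))
    return _dotted(address), _dotted(wildcard), matched, matched == wanted


def acl_entries(networks):
    """One (address, wildcard) pair if it is exact, else one pair per network."""
    address, wildcard, _, exact = one_line_acl(networks)
    if exact:
        return [(address, wildcard)]
    return [(str(n.network_address), str(n.hostmask))
            for n in map(ipaddress.ip_network, networks)]


if __name__ == "__main__":
    for nets in (["54.1.1.0/24", "150.1.6.0/24"],
                 ["10.1.0.0/24", "10.1.4.0/24"]):  # second list is constructed
        print(nets, one_line_acl(nets), acl_entries(nets))
```

For the two networks in the thread the single entry has 13 wildcard bits, so it matches 32 /24 networks instead of 2, and the function falls back to one entry per network.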
This archive was generated by hypermail 2.1.4 : Sat Jul 01 2006 - 07:57:32 ART