RE: Access list

From: Scott Morris (swm@emanon.com)
Date: Sat Jul 01 2006 - 15:02:44 ART

• Next message: Scott Morris: "RE: Access list"
• Previous message: Scott Morris: "RE: Access list"
• Maybe in reply to: Sami: "Access list"
• Next in thread: Scott Morris: "RE: Access list"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

The fourth octet answer here is good because that will give you .1 and .9
values. But you lost your second octet in that answer! :)

To match 3, 5 and 7 you can't do it in one line. You'll need two.

00000011 = 3
00000101 = 5
00000111 = 7

If I flag the 2-bit and 4-bit positions as being different as use a mask of
.6, that actually matches the "1" value as well which isn't part of my list.

I COULD do:

Deny 51.1.0.1 0.0.0.8
Permit 51.1.0.1 0.6.0.8

Or:

Permit 51.3.0.1 0.0.0.8
Permit 51.5.0.1 0.2.0.8

Or:

Permit 51.3.0.1 0.4.0.8
Permit 51.5.0.1 0.0.0.8

The object is least number of lines, but also think about "no more no less".
If we start considering that permitting extra things is a good idea, why not
just save the brain power and use "permit any"???

HTH,

 
Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713, JNCIE
#153, CISSP, et al.
CCSI/JNCI
IPExpert CCIE Program Manager
IPExpert Sr. Technical Instructor
smorris@ipexpert.com
http://www.ipexpert.com
 
 

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
ELDHO PAUL
Sent: Saturday, July 01, 2006 7:20 AM
To: Sami
Cc: ccielab@groupstudy.com
Subject: Re: Access list

A more currect answer seems to be
 51.1.0.1 0.0.0.8
We will get the first portion 51.1.0.1 by doing an and opration of all the
four ip addresses and the wildcard portion by doing the XOR operation of all
the four ip addresses.

On 7/1/06, ELDHO PAUL <cciein2006@gmail.com> wrote:
>
> I think we can match it with 2 access lists
> 51.3.0.1 0.6.0.0
> 51.3.0.9 0.6.0.0
>
>
> On 7/1/06, Sami <sy1977@gmail.com> wrote:
> >
> > Group,
> >
> > One of the task say use minimum amount of line necessary to comple
> > this task.
> >
> > 51.3.0.1
> > 51.5.0.1
> > 51.7.0.1
> > 51.3.0.9
> > 51.5.0.9
> > 51.7.0.9
> >
> > How can I combine in one access list ?
> >
> > Thanks
> >
> > ____________________________________________________________________
> > ___ Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html

• Next message: Scott Morris: "RE: Access list"
• Previous message: Scott Morris: "RE: Access list"
• Maybe in reply to: Sami: "Access list"
• Next in thread: Scott Morris: "RE: Access list"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue Aug 01 2006 - 07:13:46 ART