RE: ACL Discontiguous Network Matching Question

From: Lab Rat #109385382 (techlist01@gmail.com)
Date: Mon Nov 27 2006 - 20:51:13 ART


Awesome, thanks. That was it. Address is ANDed.

So, for the below, do you guys get:

Access-list 100 permit ip 199.1.68.0 0.0.169.0 any?

Thanks,

Ed

From: Nick Griffin [mailto:nick.jon.griffin@gmail.com]
Sent: Monday, November 27, 2006 6:04 AM
To: Lab Rat #109385382
Cc: cisco@groupstudy.com; Cisco certification; security@groupstudy.com
Subject: Re: ACL Discontiguous Network Matching Question

IE has a good link for this:

http://www.internetworkexpert.com/resources/01700370.htm

On 11/27/06, Lab Rat #109385382 <techlist01@gmail.com> wrote:

I know how to derive the inverse mask for matching an ACL to discontiguous
subnets, but how does one derive the network address again? I must have
forgotten this part of the procedure.

For example, if I'm supposed to match the following networks using a single
ACL:

199.1.101.0/24
199.1.109.0/24
199.1.197.0/24
199.1.204.0/24

What is the network statement to use in the ACL? More importantly, why? If
there is a Doc CD location that explains this logic in detail, that would be
great.

Thanks,

Ed
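
The derivation discussed in this thread, as an added example that is not part of the original posts: the ACL address is the bitwise AND of the networks, and the wildcard mask is every bit on which they differ. The sketch assumes the /24 host bits are wildcarded as well, and it also lists every /24 the single entry matches, which is more than the four requested; the function names are illustrative.

```python
import ipaddress
from functools import reduce
from itertools import product

# The four networks from the question in this thread.
NETS = ["199.1.101.0/24", "199.1.109.0/24", "199.1.197.0/24", "199.1.204.0/24"]

def summarize(cidrs):
    """Return (address, wildcard) for one ACL entry that covers every network."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    lows = [int(n.network_address) for n in nets]
    highs = [int(n.broadcast_address) for n in nets]
    and_all = reduce(lambda a, b: a & b, lows)   # bits set in every address
    or_all = reduce(lambda a, b: a | b, highs)   # bits set in any address
    wildcard = and_all ^ or_all                  # bits that are not constant
    return ipaddress.IPv4Address(and_all), ipaddress.IPv4Address(wildcard)

def matched_networks(address, wildcard, prefixlen=24):
    """List every network of length prefixlen that the entry actually matches."""
    base, wc = int(address), int(wildcard)
    shift = 32 - prefixlen
    # Wildcard bits that fall inside the network portion of the address.
    free = [1 << i for i in range(shift, 32) if (wc >> i) & 1]
    found = []
    for picks in product((0, 1), repeat=len(free)):
        value = base | sum(bit for bit, on in zip(free, picks) if on)
        found.append(ipaddress.ip_network((value >> shift << shift, prefixlen)))
    return sorted(found)

def unintended(cidrs):
    """Networks the single entry matches that were not in the requested list
    (assumes the requested networks are all /24, as in the thread)."""
    wanted = {ipaddress.ip_network(c) for c in cidrs}
    return [n for n in matched_networks(*summarize(cidrs)) if n not in wanted]

if __name__ == "__main__":
    addr, wc = summarize(NETS)
    print(f"access-list 100 permit ip {addr} {wc} any")
    for net in matched_networks(addr, wc):
        print(net, "" if str(net) in NETS else "(extra)")
```

Four wildcard bits in the third octet mean the entry matches 16 /24 networks, so a single-line match like this permits 12 networks that were never listed.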



This archive was generated by hypermail 2.1.4 : Fri Dec 01 2006 - 08:05:48 ART