From: Joe Carr (Enventis) (jcarr@enventis.com)
Date: Sun Sep 09 2007 - 11:42:19 ART
This is the best I could come up with.

Extended IP access list TESTING
    permit ip 172.16.0.0 0.0.7.255 any
    permit ip 172.16.9.0 0.0.6.255 any
    permit ip 172.16.10.0 0.0.5.255 any
    permit ip 172.16.16.0 0.0.239.255 any
    permit ip 172.16.32.0 0.0.223.255 any
    permit ip 172.16.0.0 0.0.191.255 any
    permit ip 172.16.128.0 0.0.127.255 any
    permit ip any any

Here is how I broke down the bits in the 3rd octet line by line:
1 = 0 - 7
2 = 9,11,13,15
3 = 10,12,14
4 = anything with the 5th bit on
5 = anything with the 6th bit on
6 = anything with the 7th bit on
7 = anything with the 8th bit on
8 = all other traffic
I know there is some trick to this but I just cannot figure it out. It
may have something to do with prefix matching on an extended named ACL.
Joe
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Joe Carr (Enventis)
Sent: Saturday, September 08, 2007 9:23 AM
To: ccielab@groupstudy.com
Subject: Extended ACL Block with Permits
What would be the least amount of commands used to block an IP address
using only permit statements in an Extended ACL?
Let's say we want to block 172.16.8.0/24 but permit all other
172.16.0.0/24 addresses.
Joe
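
Added example, not part of the original posts: a short Python check that applies wildcard-mask matching to the entries of the TESTING list above and reports which third-octet values an entry covers, which entry 172.16.8.1 hits first, and which /24s reach the implicit deny. The function names are this example's own, and "permit ip any any" is modelled as 0.0.0.0 with wildcard 255.255.255.255.

```python
import ipaddress

# Entries copied from the "TESTING" list in the post; "any" is written
# as 0.0.0.0 with wildcard 255.255.255.255 (an assumption of this example).
ACL = [
    ("172.16.0.0", "0.0.7.255"),
    ("172.16.9.0", "0.0.6.255"),
    ("172.16.10.0", "0.0.5.255"),
    ("172.16.16.0", "0.0.239.255"),
    ("172.16.32.0", "0.0.223.255"),
    ("172.16.0.0", "0.0.191.255"),
    ("172.16.128.0", "0.0.127.255"),
    ("0.0.0.0", "255.255.255.255"),
]


def matches(addr, base, wildcard):
    """Wildcard match: bits set in the wildcard are ignored, all others must equal base."""
    a, b, w = (int(ipaddress.IPv4Address(s)) for s in (addr, base, wildcard))
    return ((a ^ b) & ~w & 0xFFFFFFFF) == 0


def first_match(addr, acl=ACL):
    """1-based number of the first entry that matches addr, or None (implicit deny)."""
    for number, (base, wildcard) in enumerate(acl, 1):
        if matches(addr, base, wildcard):
            return number
    return None


def third_octets(base, wildcard):
    """Values x for which the entry matches 172.16.x.0/24. One host per /24 is
    enough because every entry above ignores the whole fourth octet."""
    return [x for x in range(256) if matches(f"172.16.{x}.1", base, wildcard)]


def denied(acl):
    """Third-octet values of 172.16.x.0/24 that reach the implicit deny."""
    return [x for x in range(256) if first_match(f"172.16.{x}.1", acl) is None]


if __name__ == "__main__":
    for number, entry in enumerate(ACL[:3], 1):
        print(number, third_octets(*entry))
    print("172.16.8.1 first matches entry", first_match("172.16.8.1"))
    print("denied with the final 'permit ip any any' left off:", denied(ACL[:7]))
```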
This archive was generated by hypermail 2.1.4 : Sat Oct 06 2007 - 12:01:10 ART