RE: Access List

From: Ajay Prakash (ajay.prakash@networkpeople.co.in)
Date: Mon Oct 29 2007 - 15:32:36 ART

• Next message: Rich Collins: "Re: Redistributing EIGRP that has summary-address into OSPF"
• Previous message: Saul Arjona: "Re: Frame Relay : CBWFQ but no shaping"
• Maybe in reply to: Ajay Prakash: "RE: Access List"
• Next in thread: Ajay Prakash: "RE: Access List"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Thanks Joseph. I have been able to get back all the host ip address from the
given access-list with some help from my wife :-).

If anyone wants to learn the logic I used, please let me know.

Thanks.

Ajay

  _____

From: Joseph Saad [mailto:joseph.samir.saad@gmail.com]
Sent: Monday, October 29, 2007 9:49 PM
To: Ajay Prakash
Subject: Re: Access List

That should be very easy. The problem is that you may not get the same
prefixes back. In this specific case, you'll get exactly the 8.

replace each 1 in the wildcard mask with 1/0. YOu have 3 bits in the
wildcard mask (consider only the 2 digits)

2.24 = .00000010.0011000

replace each 1 with 1 and 0, so you have 8 combinations.

I believe you should be able to take it from here.

means

On 10/29/07, Ajay Prakash <ajay.prakash@networkpeople.co.in> wrote:

When we try to deny the following hosts in a single access-list statement,
we are able to do that now without any problems after going through the IE
link mentioned in this thread.

200.0.1.2
200.0.1.10
200.0.1.18
200.0.1.26
200.0.3.2
200.0.3.10
200.0.3.18
200.0.3.26

Solution:
Access-list 1 deny 200.0.1.2 0.0.2.24 <http://0.0.2.24>

What I now want to understand is how to reverse-engineer. Suppose you are
given only the access-list given above and you need to find out the
individual hosts that would be blocked using this access-list. Any pointers
or solutions in this regard would be very helpful.

Thanks,
Ajay

-----Original Message-----
From: subodh.rawat@wipro.com [mailto: subodh.rawat@wipro.com
<mailto:subodh.rawat@wipro.com> ]
Sent: Sunday, September 30, 2007 9:34 PM
To: ajay.prakash@networkpeople.co.in; ccielab@groupstudy.com
<mailto:ccielab@groupstudy.com>
Subject: RE: Access List

Ajay,

Check this out. Excellent stuff.

http://www.internetworkexpert.com/resources/01700370.htm

~Subodh

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Ajay Prakash
Sent: Sunday, September 30, 2007 3:17 PM
To: ccielab@groupstudy.com
Subject: Access List

Hello,

Someone please help me understand the access-list provided below. The
task states that only the Hosts mentioned below have to be denied access
in the fewest lines of access list. Also no other hosts should be
blocked.

200.0.1.2

200.0.1.10

200.0.1.18

200.0.1.26

200.0.3.2

200.0.3.10

200.0.3.18

200.0.3.26

The solution listed only a single deny statement in ACL, the second
statement being permit ip any any

Access-list 1 deny 200.0.1.2 0.0.2.24

Please help me understand the math behind this solution.

Thanks,

Ajay

• Next message: Rich Collins: "Re: Redistributing EIGRP that has summary-address into OSPF"
• Previous message: Saul Arjona: "Re: Frame Relay : CBWFQ but no shaping"
• Maybe in reply to: Ajay Prakash: "RE: Access List"
• Next in thread: Ajay Prakash: "RE: Access List"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Nov 16 2007 - 13:11:19 ART