RE: Access List

From: Ajay Prakash (ajay.prakash@networkpeople.co.in)
Date: Mon Oct 29 2007 - 17:06:58 ART

• Next message: CCIEin2006: "Re: Why must all areas connect to Area 0?"
• Previous message: Scott Vermillion: "RE: Why must all areas connect to Area 0?"
• Maybe in reply to: Ajay Prakash: "RE: Access List"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I have just written the solution to this problem. Comments are welcome.

The document is located at http://www.networkpeople.co.in/Wildcard_Hosts.doc

Ajay

On 10/29/07, Ajay Prakash <ajay.prakash@networkpeople.co.in> wrote:

When we try to deny the following hosts in a single access-list statement,
we are able to do that now without any problems after going through the IE
link mentioned in this thread.

200.0.1.2
200.0.1.10
200.0.1.18
200.0.1.26
200.0.3.2
200.0.3.10
200.0.3.18
200.0.3.26

Solution:
Access-list 1 deny 200.0.1.2 0.0.2.24 <http://0.0.2.24>

What I now want to understand is how to reverse-engineer. Suppose you are
given only the access-list given above and you need to find out the
individual hosts that would be blocked using this access-list. Any pointers
or solutions in this regard would be very helpful.

Thanks,
Ajay

-----Original Message-----
From: subodh.rawat@wipro.com [mailto: subodh.rawat@wipro.com
<mailto:subodh.rawat@wipro.com> ]
Sent: Sunday, September 30, 2007 9:34 PM
To: ajay.prakash@networkpeople.co.in; ccielab@groupstudy.com
<mailto:ccielab@groupstudy.com>
Subject: RE: Access List

Ajay,

Check this out. Excellent stuff.

http://www.internetworkexpert.com/resources/01700370.htm

~Subodh

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Ajay Prakash
Sent: Sunday, September 30, 2007 3:17 PM
To: ccielab@groupstudy.com
Subject: Access List

Hello,

Someone please help me understand the access-list provided below. The
task states that only the Hosts mentioned below have to be denied access
in the fewest lines of access list. Also no other hosts should be
blocked.

200.0.1.2

200.0.1.10

200.0.1.18

200.0.1.26

200.0.3.2

200.0.3.10

200.0.3.18

200.0.3.26

The solution listed only a single deny statement in ACL, the second
statement being permit ip any any

Access-list 1 deny 200.0.1.2 0.0.2.24

Please help me understand the math behind this solution.

Thanks,

Ajay

• Next message: CCIEin2006: "Re: Why must all areas connect to Area 0?"
• Previous message: Scott Vermillion: "RE: Why must all areas connect to Area 0?"
• Maybe in reply to: Ajay Prakash: "RE: Access List"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Nov 16 2007 - 13:11:19 ART