RE: ACL-min lines

From: Scott Morris (smorris@ipexpert.com)
Date: Tue Nov 13 2007 - 23:53:05 ART

• Next message: Wollmann, Bruno RQHR: "Multicast on 3550/3560"
• Previous message: Scott Morris: "RE: IPEXPERT lab 22"
• Maybe in reply to: CJ: "ACL-min lines"
• Next in thread: Cecil Wilson: "RE: ACL-min lines"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

There's a couple things. You can always try setting up a bunch of
hosts/loopbacks and trying pings or something...

When you look at your mask, count the number of '1' values you have set. 2
to that power (e.g. 1 bit of difference in the mask = 2^1) will tell you the
number of matches your mask will give you.

In the example below the two lines given, one line had a mask with 1 bit of
difference (2^1 = 2 matches) and the other line had two bits set to the '1'
value (2^2 = 4 matches) yielding a total of six matches even though only
four were desired.

Just math shortcuts. :)

HTH,

Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713, JNCIE-M
#153, JNCIS-ER, CISSP, et al.
CCSI/JNCI-M/JNCI-ER
VP - Technical Training - IPexpert, Inc.
IPexpert Sr. Technical Instructor

A Cisco Learning Partner - We Accept Learning Credits!

smorris@ipexpert.com

Telephone: +1.810.326.1444
Fax: +1.810.454.0130
http://www.ipexpert.com

-----Original Message-----
From: Cecil Wilson [mailto:Cecil.Wilson@flextronics.com]
Sent: Tuesday, November 13, 2007 8:08 PM
To: Scott Morris; omair naim; Sadiq Yakasai; Gupta, Gopal (NWCC)
Cc: CJ; Cisco certification
Subject: RE: ACL-min lines

Scott
What is the procedure for doing this? How can I verify this answer?
thanks

Cecil G. Wilson
IT Network Services
Office: (901) 215-2710
Cell: (901) 601-6201
VoIP 104-2710
FLEX Logistics
cecil.wilson@flextronics.com

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Scott Morris
Sent: Sunday, November 11, 2007 3:36 PM
To: 'omair naim'; 'Sadiq Yakasai'; 'Gupta, Gopal (NWCC)'
Cc: 'CJ'; 'Cisco certification'
Subject: RE: ACL-min lines

That would permit 4, 5, 8, 9, 10 and 11.
 
Scott

  _____

From: omair naim [mailto:omairnaim1@hotmail.com]
Sent: Sunday, November 11, 2007 3:16 PM
To: Sadiq Yakasai; Gupta, Gopal (NWCC)
Cc: Scott Morris; CJ; Cisco certification
Subject: RE: ACL-min lines

Check this out.
 
permit 192.168.10.0 wildcard 0.0.1.0
permit 192.168.4.0 wildcard 0.0.5.0

> Date: Sat, 10 Nov 2007 16:28:36 +0000
> From: sadiqtanko@gmail.com
> To: gopal.gupta@hp.com
> Subject: Re: ACL-min lines
> CC: smorris@ipexpert.com; 693455@gmail.com; ccielab@groupstudy.com
>
> Hey guys,
>
> Speaking of which reminds me. Question says:
>
> Using 2 lines, permit 5,10,11,14 subnets and deny all others from
> 192.168.1.0 to 192.168.16.0/24:
>
> i.e.
>
> 192.168.1.0/24
> 192.168.2.0/24
> 192.168.3.0/24
> 192.168.4.0/24
> 192.168.5.0/24
> 192.168.6.0/24
> 192.168.7.0/24
> 192.168.8.0/24
> 192.168.9.0/24
> 192.168.10.0/24
> 192.168.11.0/24
> 192.168.12.0/24
> 192.168.13.0/24
>
> Thanks
>
>

• Next message: Wollmann, Bruno RQHR: "Multicast on 3550/3560"
• Previous message: Scott Morris: "RE: IPEXPERT lab 22"
• Maybe in reply to: CJ: "ACL-min lines"
• Next in thread: Cecil Wilson: "RE: ACL-min lines"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Dec 01 2007 - 06:37:29 ART