Re: Access-List

From: Bob Sinclair (bob@bobsinclair.net)
Date: Thu Nov 29 2007 - 21:46:56 ART

• Next message: Joel Amao: "RE: Spanning tree output Interpretations"
• Previous message: Joel Amao: "RE: OT:Cisco 7200 SFP"
• Maybe in reply to: Tandou Mohamed: "Access-List"
• Next in thread: Tandou Mohamed: "Re: Access-List"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Tandou Mohamed wrote:
> GS,
>
> can someone explain why my answer is different from the solution?
> Prevents access from the following networks. use only minimum number of lines.
> 161.150.81.0/24
> 129.150.17.0/24
> 193.150.17.0/24
> 129.150.81.0/24
> 161.150.17.0/24
> 193.150.81.0/24
> My answer : access-list 10 deny 129.150.17.0 96.0.64.0
>
> The solution has: access-list 3 deny 129.150.17.0 96.0.64.255
>
>

Hi Tandou,

The zero in the fourth octet of your inverse mask means that all bits in
that octet must be zero to match. This will not match any IP addresses
on the /24 networks, only the network address. The 255 in the last
octet of the solution allows any value in the fourth octet. In this
case, any ip address on the given subnets.

It may be that you interpreted the task as a match on network addresses,
rather than on IP addresses on the given subnets.

Hth,

-- 
Bob Sinclair CCIE 10427 CCSI 30427
www.netmasterclass.net

• Next message: Joel Amao: "RE: Spanning tree output Interpretations"
• Previous message: Joel Amao: "RE: OT:Cisco 7200 SFP"
• Maybe in reply to: Tandou Mohamed: "Access-List"
• Next in thread: Tandou Mohamed: "Re: Access-List"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Dec 01 2007 - 06:37:32 ART