Re: need help on ACL

From: Anshuk Kesarwani (anshuk.ccie@gmail.com)
Date: Mon Feb 04 2008 - 07:10:20 ARST

• Next message: cciehksg: "Re: Port-Channels not coming on"
• Previous message: Gary Duncanson: "Re: Passed!! 20 yr old CCIE # 19910"
• Maybe in reply to: abdul muhammed: "need help on ACL"
• Next in thread: Germany: "RE: need help on ACL"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi ,

I also agree with you (ccie.gergonza@gmail.com )in the solution the only
point where i differ is the original access list by abdul

ip access-list standard acl1
permit 110.20.0.0 0.0.8.255

The permit statement allows only two networks
110.20.0.0
110.20.8.0

not the ranges.

Regards

Anshuk Kesarwani

On 2/2/08, Germany <ccie.gergonza@gmail.com> wrote:

> That would not be right...
>
> First statement is permitting ranges of 8: i.e. 0-7, 16-23, 32-39, etc...
> Second statement is denying only the 110.20.0.0/24 subnet (which was
> allowed
> in the former statement)
> Third statement is allowing subnets .1,.2,.3,.4,.5,.6,.7...
>
>
> If you're trying to do this with the least possible statements (without
> denying additional subnets) I think you're looking for something like
> this:
>
> Deny 110.20.0.0 0.0.6.255 (this gets 0,2,4,6)
> Deny 110.20.8.0 0.0.0.255
> Permit any
>
>
> About the first statement
>
> 110.20.0.0 0.0.6.255
>
> 6= 00000110
> Matches: 00000000 = 0
> 00000010 = 2
> 00000100 = 4
> 00000110 = 6
>
>
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> abdul muhammed
> Sent: Thursday, January 31, 2008 12:19 PM
> To: Cisco certification
> Subject: need help on ACL
>
> hi
>
> will it be ok to write and access-list that deny even subnet less than 9
> i.e
> (110.20.0.0, 110.20.2.0, .... 110.20.8.0) as below.
>
> ip access-list standard acl1
> permit 110.20.0.0 0.0.8.255
> deny 110.20.0.0 0.0.0.255
> permit any any
> --
> Abdul Muhammed Murtala
> AMerican University of Nigeria
> Lamido Zubairu way, Yola
> Adamawa
> +2348052001153, +2348056201237
>
> Network Manager
> MCSE,MCDBA,MCSA,OCPDBA,CCNA,CCIE Written.
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: cciehksg: "Re: Port-Channels not coming on"
• Previous message: Gary Duncanson: "Re: Passed!! 20 yr old CCIE # 19910"
• Maybe in reply to: abdul muhammed: "need help on ACL"
• Next in thread: Germany: "RE: need help on ACL"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Mar 01 2008 - 16:54:47 ARST