From: Germany (ccie.gergonza@gmail.com)
Date: Tue Feb 05 2008 - 01:19:28 ARST
Yes you would be right, thanks for pointing that out
_____
From: Anshuk Kesarwani [mailto:anshuk.ccie@gmail.com]
Sent: Monday, February 04, 2008 3:10 AM
To: ccielab@groupstudy.com
Cc: abdul muhammed; ccie.gergonza@gmail.com
Subject: Re: need help on ACL
Hi ,
I also agree with you (ccie.gergonza@gmail.com )in the solution the only
point where i differ is the original access list by abdul
ip access-list standard acl1
permit 110.20.0.0 <http://110.20.0.0/> 0.0.8.255 <http://0.0.8.255/>
The permit statement allows only two networks
110.20.0.0
110.20.8.0
not the ranges.
Regards
Anshuk Kesarwani
On 2/2/08, Germany <ccie.gergonza@gmail.com> wrote:
That would not be right...
First statement is permitting ranges of 8: i.e. 0-7, 16-23, 32-39, etc...
Second statement is denying only the 110.20.0.0/24 subnet (which was allowed
in the former statement)
Third statement is allowing subnets .1,.2,.3,.4,.5,.6,.7...
If you're trying to do this with the least possible statements (without
denying additional subnets) I think you're looking for something like this:
Deny 110.20.0.0 0.0.6.255 (this gets 0,2,4,6)
Deny 110.20.8.0 0.0.0.255
Permit any
About the first statement
110.20.0.0 0.0.6.255
6= 00000110
Matches: 00000000 = 0
00000010 = 2
00000100 = 4
00000110 = 6
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
abdul muhammed
Sent: Thursday, January 31, 2008 12:19 PM
To: Cisco certification
Subject: need help on ACL
hi
will it be ok to write and access-list that deny even subnet less than 9 i.e
(110.20.0.0, 110.20.2.0, .... 110.20.8.0) as below.
ip access-list standard acl1
permit 110.20.0.0 0.0.8.255
deny 110.20.0.0 0.0.0.255
permit any any
-- Abdul Muhammed Murtala AMerican University of Nigeria Lamido Zubairu way, Yola Adamawa +2348052001153, +2348056201237Network Manager MCSE,MCDBA,MCSA,OCPDBA,CCNA,CCIE Written.
This archive was generated by hypermail 2.1.4 : Sat Mar 01 2008 - 16:54:47 ARST