From: Anshuk Kesarwani (anshuk.ccie@gmail.com)
Date: Tue Feb 05 2008 - 10:17:06 ARST
Hi *Edouard*,
This is just simple binary maths and how wild cards are treated in
Access-lists.
What does a 1 and 0 mean in wildcard notation. A zero means an excat match
is required and 1 means any.
Now convert the access-list down to binary and see the result.
Hope that helps.
Regards
Anshuk Kesarwani
On 2/5/08, Edouard Zorrilla <ezorrilla@tsf.com.pe> wrote:
>
> Excuse me Sir,
>
> How did you get with the conclusion that : "permit 110.20.0.0 0.0.8.255"
> permit this two networks:
>
> 110.20.0.0
> 110.20.8.0
>
> ?
>
> I mean, if my wildcard is 0.0.8.255, then my mask should be 255.255.247.0.
> This mas is odd, so it is not possible or it is ?
>
> Please let me know your thought,
>
> Regards
> ----- Original Message -----
> From: "Anshuk Kesarwani" <anshuk.ccie@gmail.com>
> To: <ccielab@groupstudy.com>
> Cc: "abdul muhammed" <abdulmuri@gmail.com>; <ccie.gergonza@gmail.com>
> Sent: Monday, February 04, 2008 4:10 AM
> Subject: Re: need help on ACL
>
>
> > Hi ,
> >
> > I also agree with you (ccie.gergonza@gmail.com )in the solution the only
> > point where i differ is the original access list by abdul
> >
> > ip access-list standard acl1
> > permit 110.20.0.0 0.0.8.255
> >
> > The permit statement allows only two networks
> > 110.20.0.0
> > 110.20.8.0
> >
> > not the ranges.
> >
> > Regards
> >
> > Anshuk Kesarwani
> >
> > On 2/2/08, Germany <ccie.gergonza@gmail.com> wrote:
> >
> >> That would not be right...
> >>
> >> First statement is permitting ranges of 8: i.e. 0-7, 16-23, 32-39,
> etc...
> >> Second statement is denying only the 110.20.0.0/24 subnet (which was
> >> allowed
> >> in the former statement)
> >> Third statement is allowing subnets .1,.2,.3,.4,.5,.6,.7...
> >>
> >>
> >> If you're trying to do this with the least possible statements (without
> >> denying additional subnets) I think you're looking for something like
> >> this:
> >>
> >> Deny 110.20.0.0 0.0.6.255 (this gets 0,2,4,6)
> >> Deny 110.20.8.0 0.0.0.255
> >> Permit any
> >>
> >>
> >> About the first statement
> >>
> >> 110.20.0.0 0.0.6.255
> >>
> >> 6= 00000110
> >> Matches: 00000000 = 0
> >> 00000010 = 2
> >> 00000100 = 4
> >> 00000110 = 6
> >>
> >>
> >>
> >>
> >> -----Original Message-----
> >> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> >> abdul muhammed
> >> Sent: Thursday, January 31, 2008 12:19 PM
> >> To: Cisco certification
> >> Subject: need help on ACL
> >>
> >> hi
> >>
> >> will it be ok to write and access-list that deny even subnet less than
> 9
> >> i.e
> >> (110.20.0.0, 110.20.2.0, .... 110.20.8.0) as below.
> >>
> >> ip access-list standard acl1
> >> permit 110.20.0.0 0.0.8.255
> >> deny 110.20.0.0 0.0.0.255
> >> permit any any
> >> --
> >> Abdul Muhammed Murtala
> >> AMerican University of Nigeria
> >> Lamido Zubairu way, Yola
> >> Adamawa
> >> +2348052001153, +2348056201237
> >>
> >> Network Manager
> >> MCSE,MCDBA,MCSA,OCPDBA,CCNA,CCIE Written.
> >>
> >> _______________________________________________________________________
> >> Subscription information may be found at:
> >> http://www.groupstudy.com/list/CCIELab.html
> >>
> >> _______________________________________________________________________
> >> Subscription information may be found at:
> >> http://www.groupstudy.com/list/CCIELab.html
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Sat Mar 01 2008 - 16:54:47 ARST