RE: ACL Question -

From: mgreenlee@ipexpert.com
Date: Sat Mar 22 2008 - 01:20:42 ART

Here's a thought, use binary and create an ACL, just like the person asked.
Not everything is a one-line answer, or some sneaky "trick". Sometimes you
need to be able to show some intelligence and step through a problem. Class
maps and VLAN maps can be nice and pretty, but if you're explicitly told to
create an ACL, perhaps you should demonstrate that you can create an ACL,
and show them your mad binary skillz. :-)

Z linux, here you go, line explanation follows:

1. permit 0.0.0.0 127.255.255.255 172.20.1.0 0.0.0.15
2. permit 128.0.0.0 63.255.255.255 172.20.1.0 0.0.0.15
3. permit 192.0.0.0 0.127.255.255 172.20.1.0 0.0.0.15
4. permit 192.128.0.0 0.31.255.255 172.20.1.0 0.0.0.15
5. permit 192.160.0.0 0.7.255.255 172.20.1.0 0.0.0.15
6. permit 192.168.0.0 0.0.0.255 172.20.1.0 0.0.0.15
7. permit 192.168.2.0 0.0.1.255 172.20.1.0 0.0.0.15
8. permit 192.168.4.0 0.0.3.255 172.20.1.0 0.0.0.15
9. permit 192.168.8.0 0.0.7.255 172.20.1.0 0.0.0.15
10. permit 192.168.16.0 0.0.15.255 172.20.1.0 0.0.0.15
11. permit 192.168.32.0 0.0.31.255 172.20.1.0 0.0.0.15
12. permit 192.168.64.0 0.0.63.255 172.20.1.0 0.0.0.15
13. permit 192.168.128.0 0.0.127.255 172.20.1.0 0.0.0.15
14. permit 192.169.0.0 0.0.255.255 172.20.1.0 0.0.0.15
15. permit 192.170.0.0 0.1.255.255 172.20.1.0 0.0.0.15
16. permit 192.172.0.0 0.3.255.255 172.20.1.0 0.0.0.15
17. permit 192.176.0.0 0.15.255.255 172.20.1.0 0.0.0.15
18. permit 192.192.0.0 0.63.255.255 172.20.1.0 0.0.0.15
19. permit 193.0.0.0 0.255.255.255 172.20.1.0 0.0.0.15
20. permit 194.0.0.0 1.255.255.255 172.20.1.0 0.0.0.15
21. permit 196.0.0.0 3.255.255.255 172.20.1.0 0.0.0.15
22. permit 200.0.0.0 7.255.255.255 172.20.1.0 0.0.0.15
23. permit 208.0.0.0 15.255.255.255 172.20.1.0 0.0.0.15
24. permit 224.0.0.0 31.255.255.255 172.20.1.0 0.0.0.15

1. permit 0 to 127, first octet
2. permit 128 to 191, first octet
3. permit 192 first octet, 0 to 127 second octet
4. permit 192.128 to 192.159
5. permit 192.160 to 192.167
6. permit 192.168.0.0 to 192.168.0.255
7 permit 192.168.2 to 192.168.3
8 permit 192.168.4 to 192.168.7
9 permit 192.168.8 to 192.168.15
10 permit 192.168.16 to 192.168.31
11 permit 192.168.32 to 192.168.63
12 permit 192.168.64 to 192.168.127
13 permit 192.168.128 to 192.168.255
14 permit 192.169.0 to 192.169.255
15 permit 192.170. to 192.171
16 permit 192.172 to 192.175
17 permit 192.176 to 192.191.
18 permit 192.192 to 192.255
19 permit 193.0 to 193.255
20 permit 194.0 to 195.255
21 permit 196 to 199
22 permit 200 to 207
23 permit 209 to 223
24 permit 224 to 255

Marvin Greenlee, CCIE #12237 (R&S, SP, Sec)
Senior Technical Instructor - IPexpert, Inc.
A Cisco Learning Partner - We Accept Learning Credits!
Telephone: +1.810.326.1444
Fax: +1.810.454.0130
Mailto: mgreenlee@ipexpert.com
 
IPexpert - The Global Leader in Self-Study, Classroom-Based, Video On Demand
and Audio Certification Training Tools for the Cisco CCIE R&S Lab, CCIE
Security Lab, CCIE Service Provider Lab, CCIE Voice Lab and CCIE Storage Lab
Certifications.

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Z
Linux
Sent: Friday, March 21, 2008 12:41 PM
To: ccielab@groupstudy.com
Subject: ACL Question -

Hi 2 All,

Plz help with solution :-

configure an acl with name "ABC" to obtain the following requirement.
Deny all ip traffic from 192.168.1.0/24 to subnet 172.20.1.0/28Permit any
other traffic to 172.20.1.0/28
Do not use any deny statements, Use only Permit statements.........

This archive was generated by hypermail 2.1.4 : Tue Apr 01 2008 - 07:53:54 ART