On 18 June 2010 18:44, Mirco Orlandi <mirco.orlandi_at_gmail.com> wrote:
> Hi,
>
> Match logic is correct. You forgot only the "explicit permit any" at the
> end.
>
> ip access 1 permit 10.10.15.0 0.0.0.255
> ip access 1 deny 10.10.1.0 0.0.14.255
> ip access 1 permit any
>
That one will block net 1,3,5,7,9,11,13 and permit net 15
now
if i want to give access net 1,3,5,7,9,11,13 and block net 15
will be like
ip access 1 deny 10.10.15.0 0.0.0.255
ip access 1 permit 10.10.1.0 0.0.14.255
i don't need to last with ip access 1 deny any as it is already
explicitly there ? I am right ?
>
> --
> Mirco
>
> Il giorno 18/giu/2010, alle ore 16.03, Taufik Kurniawan <ktaufik_at_gmail.com>
> ha scritto:
>
> Hi,
> kindly confirm ...
> 1. I want to deny the traffic from the following networks 10.10.1.0,
> 10.10.3.0, 10.10.5.0, 10.10.7.0, 10.10.9.0, 10.10.11.0 and 10.10.13.0 with
> all /24
>
> and I am doing this ....
>
> ip access 1 permit 10.10.15.0 0.0.0.255
> ip access 1 deny 10.10.1.0 0.0.14.255
>
>
> please kindly confirm, am i doing right ?
>
> thanks
>
>
> Blogs and organic groups at <http://www.ccie.net>http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Sat Jun 19 2010 - 09:45:08 ART
This archive was generated by hypermail 2.2.0 : Sun Aug 01 2010 - 09:11:37 ART