RE: ACL question

From: Scott Morris (swm@xxxxxxxxxx)
Date: Wed Feb 13 2002 - 21:41:57 GMT-3

• Next message: Chua, Parry: "RE: route-map logic"
• Previous message: Carolyn Camarda: "Regarding Access-Expressions - Confirmation Needed"
• Maybe in reply to: Sam.MicroGate@xxxxxxxxxxxxxx: "ACL question"
• Next in thread: Jay Hennigan: "Re: ACL question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
Yes, would all translate to that. However, they would all be equally
inaccurate, because you would then be permitting things you weren't asked
to.

You could do:

access-list 1 deny 192.168.120.0 0.0.1.255
access-list 1 deny 192.168.122.0 0.0.0.255
access-list 1 permit 192.168.120.0 0.0.7.255

THAT would work also. However. It's one extra line statement than what I
had below. Therefore, not the most efficient.

Remember, with access-lists there are two goals:

1. Accomplish what is asked (and ONLY what is asked, no extra holes)
2. Be as efficient as possible (would you rather follow 122 step
instructions or 4 step intructions?)

Scott

-----Original Message-----
From: Lab Candidate [mailto:labccie@yahoo.com]
Sent: Wednesday, February 13, 2002 7:33 PM
To: swm@emanon.com; Sam.MicroGate@usa.telekom.de; ccielab@groupstudy.com
Subject: RE: ACL question

Scott, I know I said access-list is correct. but don't
these access-lists all translate to
access-list n permit 192.168.120.0 0.0.7.255 ?

So all these access-lists are correct.

--- Scott Morris <swm@emanon.com> wrote:
> Access list one would translate to:
>
> access-list 1 permit 192.168.120.0 0.0.7.255
>
> Because that's where the bit boundary is. :) Remember, we aren't working
in
> decimal sequential order, we're really working in binary.
>
> Scott
>
> -----Original Message-----
> From: Lab Candidate [mailto:labccie@yahoo.com]
> Sent: Wednesday, February 13, 2002 5:32 PM
> To: Scott Morris; Sam.MicroGate@usa.telekom.de; ccielab@groupstudy.com
> Subject: RE: ACL question
>
>
> I'd say access-list 1 is right, it can do what he is asking for.
>
> --- Scott Morris <swm@emanon.com> wrote:
> > F. None of the above...
> >
> > Because of bit boundaries though, you can't summarize quite so nicely.
> >
> > access-list 6 permit 192.168.123.0 0.0.0.255
> > access-list 6 permit 192.168.124.0 0.0.3.255
> >
> > That will cover 123, 124, 125, 126 and 127. The implicit deny will
catch
> > 128 and 129....
> >
> > Hope that helps.
> >
> > Scott
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
> > Sam.MicroGate@usa.telekom.de
> > Sent: Wednesday, February 13, 2002 4:02 PM
> > To: ccielab@groupstudy.com
> > Subject: ACL question
> >
> >
> > Suppose that the backbone is advertising the following routes:
> > 192.168.123.0/24
> > 192.168.124.0/24
> > 192.168.125.0/24
> > 192.168.126.0/24
> > 192.168.127.0/24
> > 192.168.128.0/24
> > 192.168.129.0/24
> > I need to filter .128 and .129 and pass every thing else. which of the
> > following access list is correct
> > access-list 1 permit 192.168.123.0 0.0.7.255 or
> > access-list 2 permit 192.168.124.0 0.0.7.255 or
> > access-list 3 permit 192.168.125.0 0.0.7.255 or
> > access-list 4 permit 192.168.126.0 0.0.7.255 or
> > access-list 5 permit 192.168.127.0 0.0.7.255

• Next message: Chua, Parry: "RE: route-map logic"
• Previous message: Carolyn Camarda: "Regarding Access-Expressions - Confirmation Needed"
• Maybe in reply to: Sam.MicroGate@xxxxxxxxxxxxxx: "ACL question"
• Next in thread: Jay Hennigan: "Re: ACL question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 20 2002 - 13:46:22 GMT-3