From: Michael Zuo (mzuo@ixiacom.com)
Date: Mon Nov 27 2006 - 18:31:17 ART
Personally I think the best way to do this is to write them out in
binary form. For all the bits that are the same, you "care" and put in 0
for the mask, for the bits that are different, you put in "don't care"
(ie 1).
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Gabriel Nunes
Sent: Monday, November 27, 2006 7:47 AM
To: Nick Griffin
Cc: Lab Rat #109385382; cisco@groupstudy.com; Cisco certification;
security@groupstudy.com
Subject: Re: ACL Discontiguous Network Matching Question
Thanks for the advice Nick!
I was needing to study this as well!
On 11/27/06, Nick Griffin <nick.jon.griffin@gmail.com> wrote:
>
> IE has a good link for this:
>
> http://www.internetworkexpert.com/resources/01700370.htm
>
> On 11/27/06, Lab Rat #109385382 <techlist01@gmail.com> wrote:
> >
> > I know how to derive the inverse mask for matching an ACL to
> discontiguous
> > subnets, but how does one derive the network address again? I must
have
> > forgotten this part of the procedure.
> >
> > For example, if I'm supposed to match the following networks using a
> > single
> > ACL:
> >
> > 199.1.101.0/24
> > 199.1.109.0/24
> > 199.1.197.0/24
> > 199.1.204.0/24
> >
> > What is the network statement to use in the ACL? More importantly,
> > why? If
> > there is a Doc CD location that explains this logic in detail, that
> would
> > be
> > great.
> >
> > Thanks,
> >
> > Ed
> >
> >
This archive was generated by hypermail 2.1.4 : Fri Dec 01 2006 - 08:05:48 ART