If you use a 0.31.255.255 mask, you are going to block everything from .0
through .31 in the B's range. You may want to re-think your binary there!
Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713, CISSP,
JNCIP, et al.
IPExpert CCIE Program Manager
IPExpert Sr. Technical Instructor
swm@xxxxxxxxxx/smorris@xxxxxxxxxxxx
http://www.ipexpert.net
-----Original Message-----
From: nobody@xxxxxxxxxxxxxx [mailto:nobody@xxxxxxxxxxxxxx] On Behalf Of
Matthew Seppeler
Sent: Tuesday, October 05, 2004 9:29 AM
To: zou wei; ccielab@xxxxxxxxxxxxxx
Subject: RE: Filtering private ip address
Here you go.
access-list 1 deny 10.0.0.0 0.255.255.255 access-list 1 deny 172.0.0.0
0.31.255.255 access-list 1 deny 192.168.0.0 0.0.255.255 access-list 1 permit
any
Any fewer lines than this in trying to merge these network addresses into
one or two statements will end up excluding more networks than you intend to
filter.
Matt Seppeler
InterNetwork Experts
Email: mseppeler@xxxxxxxxx
-----Original Message-----
From: zou wei [mailto:zwzq@xxxxxxxxxxx]
Sent: Tuesday, October 05, 2004 2:48 AM
To: ccielab@xxxxxxxxxxxxxx
Subject: Filtering private ip address
Hi:
Could anyone tell me how to filter private addresses using the least
commands?
10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255
Thanks
Wei
------------------------------------------------------------------------
Don�t just search. Find. Check out the new MSN Search!
_______________________________________________________________________
Subscription information may be found at:
http://www.groupstudy.com/list/CCIELab.html
_______________________________________________________________________
Subscription information may be found at:
http://www.groupstudy.com/list/CCIELab.html
_______________________________________________________________________
Subscription information may be found at:
http://www.groupstudy.com/list/CCIELab.html
