Re: new access list problem [7:63715] posted 02/25/2003
- Subject: Re: new access list problem [7:63715]
- From: "Priscilla Oppenheimer" <nobody@xxxxxxxxxxxxxx>
- Date: Tue, 25 Feb 2003 20:36:39 GMT
I replied too and it wasn't posted. That is SO annoying. I'm tempted to
never post again.
Anyway, your answer is wrong because it doesn't catch 74, 75, and 76, and he
said he wanted a range.
You have to use 0.0.7.255, which has an unfortunate (but unavoidable) side
effect of catching 72, and 78 and 79.
Two other answers:
1) Put it in binary. Don't use a wildcard mask calculator.
2) Summarize your addresses and you won't have these confusing messes.
Summarization is good for performance reasons as well as security. The last
thing you want is to have to spend hours arguing over an access list. You
want to get it working with little fuss and start implementing your security
Robert Edmonds wrote:
> I replied earlier, but it didn't seem to come through. Anyway, you should
> use the wildcard mask 0.0.4.255. That will match the addresses
> 220.127.116.11 - 18.104.22.168, which I think is what you want. In case you
> don't already have it, download Boson's free wildcard mask calculator at the
> following link.
> Hope that helps.
> "Jason Steig" wrote in message
> > Hello i networks 22.214.171.124 - 126.96.36.199
> > is there any way to deny these networks with one entry in an access list?
> > such as deny 188.8.131.52 0.0.248.255?
> > is this going to deny these networks? it's also going to black hole
> > other networks though. Or does the list have to be
> > deny 184.108.40.206 0.0.7.255 ?
> > i thought zeros must match and ones we don't care.
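Added example, not part of the original thread: the "put it in binary" check from the reply above, done in Python on the third octet only. The intended range 73-77 and the base octet 73 are assumptions inferred from the octet values named in the reply; the function names are this example's own.

```python
# Added example: Cisco-style wildcard masks, worked on one octet.
# In a wildcard mask a 0 bit must match the base, a 1 bit is "don't care".

def matched_octets(base: int, wildcard: int) -> list[int]:
    """Every octet value 0-255 that an ACL entry (base, wildcard) matches."""
    care = ~wildcard & 0xFF                  # bits that must equal the base
    return [v for v in range(256) if (v & care) == (base & care)]

def covering_entry(low: int, high: int) -> tuple[int, int]:
    """Tightest contiguous (base, wildcard) pair covering low..high in one entry."""
    diff = low ^ high                        # bits where the endpoints differ
    wildcard = (1 << diff.bit_length()) - 1  # don't-care from the top differing bit down
    return low & ~wildcard & 0xFF, wildcard

def audit(base: int, wildcard: int, low: int, high: int) -> dict:
    """Compare what an entry matches with the range the rule was meant to cover."""
    wanted = set(range(low, high + 1))
    got = set(matched_octets(base, wildcard))
    return {"missed": sorted(wanted - got), "extra": sorted(got - wanted)}

def show(base: int, wildcard: int) -> None:
    """Print the match set in binary so the don't-care bits are visible."""
    print(f"base {base:08b}  wildcard {wildcard:08b}")
    for v in matched_octets(base, wildcard):
        print(f"  {v:3d}  {v:08b}")

if __name__ == "__main__":
    LOW, HIGH = 73, 77                       # assumed range, inferred from the thread
    show(73, 4)                              # the 0.0.4.255 suggestion, base octet assumed
    print(audit(73, 4, LOW, HIGH))
    base, wc = covering_entry(LOW, HIGH)     # one-entry cover for the whole range
    show(base, wc)
    print(audit(base, wc, LOW, HIGH))
```

Running the audit on an entry before it goes into a deny list shows both the addresses it silently misses and the neighbouring networks it blocks as a side effect.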