Re: new access list problem [7:63715] posted 02/25/2003

I replied too and it wasn't posted. That is SO annoying. I'm tempted to
never post again.

Anyway, your answer is wrong because it doesn't catch 74, 75, and 76, and he
said he wanted a range.

You have to use, which has an unfortunate (but unavoidable) side
effect of catching 72, and 78 and 79.

Two other answers: 

1) Put it in binary. Don't use a wildcard mask calculator.
2) Summarize your addresses and you won't have these confusing messes.

Summarization is good for performance reasons as well as security. The last
thing you want is to have to spend hours arguing over an access list. You
want to get it working with little fuss and start implementing your security
policy ASAP.


Robert Edmonds wrote:
> I replied earlier, but it didn't seem to come through.  Anyway,
> you should
> use the wildcard mask  That will match the addresses
> -, which I think is what you want. 
> In case you
> don't already have it, download Boson's free wildcard mask
> calculator at the
> following link.
> Hope that helps.
> Robert
> "Jason Steig" wrote in message
> news:200302251426.OAA17655@xxxxxxxxxxxxxxxxx
> > Hello i networks -
> >
> > is there any way to deny these networks with one entry in an
> access list?
> >
> >
> > such as deny
> >
> > is this going to deny these networks?  it's also going to
> black hole
> several
> > other networks though.  Or does the list have to be
> >
> > deny ?
> >
> > i thought zeros must match and ones we don't care.
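
The "put it in binary" advice from this thread, worked on a single octet as an added example (not part of the original messages). The addresses in the posts did not survive, so the range 73-77 is an assumption inferred from the numbers the reply mentions, the wildcard 4 is a constructed value that reproduces the miss of 74, 75 and 76, and all function names are illustrative. It also goes one step further and splits the range into several entries that match nothing extra.

```python
"""Cisco-style wildcard matching on one octet: 0 bits must match, 1 bits are don't-care."""

def matches(value, base, wildcard):
    # Compare only the bit positions where the wildcard bit is 0.
    care = ~wildcard & 0xFF
    return (value & care) == (base & care)

def covered(base, wildcard):
    """Every octet value (0-255) that one base/wildcard pair matches."""
    return [v for v in range(256) if matches(v, base, wildcard)]

def single_entry(lo, hi):
    """Smallest contiguous block (base, wildcard) that contains lo..hi."""
    diff = lo ^ hi                            # bits in which the two ends differ
    wildcard = (1 << diff.bit_length()) - 1   # don't-care from the top differing bit down
    return lo & ~wildcard & 0xFF, wildcard

def exact_entries(lo, hi):
    """Split lo..hi into aligned blocks so that nothing outside the range matches."""
    entries = []
    while lo <= hi:
        size = lo & -lo if lo else 256        # largest block aligned at lo
        while size > hi - lo + 1:             # shrink until it fits in what is left
            size >>= 1
        entries.append((lo, size - 1))
        lo += size
    return entries

if __name__ == "__main__":
    LO, HI = 73, 77                           # assumed range (see lead-in)
    # (73, 4) is a constructed non-contiguous mask; the second pair is computed.
    for base, wc in [(73, 4), single_entry(LO, HI)]:
        hit = covered(base, wc)
        missed = [v for v in range(LO, HI + 1) if v not in hit]
        extra = [v for v in hit if not LO <= v <= HI]
        print(f"base {base:08b} wildcard {wc:08b} -> {hit}")
        print(f"  missed {missed}  extra {extra}")
    print("entries with no side effects:", exact_entries(LO, HI))
```
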
