I have two parts of a large network, the first part using 141.120.0.0
thru 141.120.7.255 and the second part using 141.120.128.0 thru
141.120.135.255. At the router connecting to the Internet I want access from
outside limited only to these subnets and not to other addresses used. I
know that the following will work for TCP:

access-list 101 permit tcp any 141.120.0.0 0.0.7.255
access-list 101 permit tcp any 141.120.128.0 0.0.7.255

I want to condense this to a single statement as follows:

access-list 101 permit tcp any 141.120.0.0 0.0.135.255

Will this work?
For example 141.120.9.2 should not be allowed.
In binary 141.120.9.2 is 10001101.01111000.00001001.00000010.

My understanding of the steps of how the access-list works is:

1) perform a NOT on the mask, which gives in binary
      11111111.11111111.01111000.00000000
2) perform an AND between this and the IP address, which gives in binary
      10001101.01111000.00001000.00000000
3) compare the result with the original IP address in the access-list
      the comparison fails
4) if successful, allow, otherwise drop.
      so the packet is dropped.

Is the above correct?
I don't have a lab to test this. I would appreciate any help. Thanks.

Nelluri
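
The wildcard-mask steps described in the post can be checked without a lab. The following is an added example, not part of the original post and not Cisco code: it models only the destination address/wildcard comparison (not protocol or source), and the function names are hypothetical.

```python
import ipaddress

def ace_matches(addr, base, wildcard):
    """Cisco-style wildcard match: bits set in the wildcard are ignored."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF  # step 1: NOT the mask
    return (a & care) == (b & care)                            # steps 2 and 3

def acl_permits(addr, entries):
    """True if any (base, wildcard) entry matches; otherwise implicit deny."""
    return any(ace_matches(addr, b, w) for b, w in entries)

# Destination parts of the two-line ACL and of the proposed single line.
TWO_LINES = [("141.120.0.0", "0.0.7.255"), ("141.120.128.0", "0.0.7.255")]
ONE_LINE = [("141.120.0.0", "0.0.135.255")]

def third_octets_permitted(entries):
    """Third-octet values x for which 141.120.x.0 is permitted."""
    return [x for x in range(256) if acl_permits(f"141.120.{x}.0", entries)]

def acls_equivalent(a, b, prefix="141.120"):
    """Compare two entry lists over every address in prefix.0.0/16.

    Both lists fix the first two octets (wildcard 0.0), so addresses
    outside this /16 are denied by both and need not be enumerated.
    """
    for third in range(256):
        for fourth in range(256):
            addr = f"{prefix}.{third}.{fourth}"
            if acl_permits(addr, a) != acl_permits(addr, b):
                return False
    return True

if __name__ == "__main__":
    print("single line permits third octets:", third_octets_permitted(ONE_LINE))
    print("141.120.9.2 permitted:", acl_permits("141.120.9.2", ONE_LINE))
    print("same result as the two-line ACL:", acls_equivalent(TWO_LINES, ONE_LINE))
```

The third-octet wildcard 135 is 10000111 in binary, so bits 64, 32, 16 and 8 must be zero while bits 128, 4, 2 and 1 are ignored, which leaves exactly 0-7 and 128-135.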

_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html