RE: Access List problem. [7:12525]

Mon, 16 Jul 2001 13:54:15 -0700 

The first 3 conditions definitely don't overlap, so the deny is all you
need, but the next 2 lines kind of overlap, and using only the deny
statement  (line 5) would block traffic that the prior permit statement
(line 4) would have allowed.   The only way to get rid of one of the lines
is to see if there is a real weird wildcard mask that could do a deny that
looks like the permit and deny together, but I can't see it right off.  

DON'T DELETE LINE 4!  

The remaining deny statement would deny all traffic from 172.22.x.y to hosts
64-128 on the 192.168.18 network. 
Line 4 would have allowed the hosts from 172.22.0-31.x to all of the
192.168.18.x network.  These conditions overlap and need to be there
separately.


access-list 101 permit ip host 172.22.30.6 10.0.0.0 0.255.255.255
 Someone sent me this and I just can't figure it out. I've been staring at
it
> and trying things since last week. Any ideas?
>
>
> Jeff Doyle says this access-list can be rewritten with 3 lines and still
> provide the same functionality.  Let me know if you guys figure out:
>
> access-list 101 permit ip 172.22.30.6 0.0.0.0 10.0.0.0 0.255.255.255
> access-list 101 permit ip 172.22.30.95 0.0.0.0 10.11.12.0 0.0.0.255
> access-list 101 deny ip 172.22.30.0 0.0.0.255 192.168.18.27 0.0.0.0
> access-list 101 permit ip 172.22.0.0 0.0.31.255 192.168.18.0 0.0.0.255
> access-list 101 deny ip 172.22.0.0 0.0.255.255 192.168.18.64 0.0.0.63
> access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
>
> Have fun...
>
>
> Thank You,
> Robert Fowler
Privileged/Confidential Information may be contained in this message or
attachments hereto.  Please advise immediately if you or your employer do
not consent to Internet email for messages of this kind.  Opinions,
conclusions and other information in this message that do not relate to the
official business of this company shall be understood as neither given nor
endorsed by it.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=12550&t=12525
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Reply via email to