Okay...... default masks meaning classful class B.
128.252.0.0 with a subnet mask of 255.255.0.0
and
128.252.240.0 with a subnet mask of 255.255.0.0
On a router you would use the wildcard mask (inverse) of the subnet mask:
access-list 101 deny ip 128.252.0.0 0.0.255.255 128.252.240.0 0.0.255.255
access-list 101 permit ip any any
Then apply it to the interface with ip access-group 101 in or out depending
on what interface it is applied to.
It is easy to envision what the wildcard mask is and what it does if we view
the decimal numbers in binary format:
wildcard mask 0.0.255.255 = 00000000.00000000.11111111.11111111
0's = interesting part of the address is to the router; 1's = portion of
address the router isn't going to care about....this portion of the accress
could be any number.
If you list the ip address in binary above the wildcard mask, it looks like
this:
128 . 252 . 0 . 0
10000000.11111100.00000000.00000000
00000000.00000000.11111111.11111111
0 . 0 . 252 . 252
The router will only view the portion of the address NOT blocked by 1's as
interesting: 128.252.x.x
You will need to grasp this concept before moving on to subnetting and
supernetting.
There are some excellent explanations for how this works in the Cisco Press
CCNA books.
To confirm, this is for routers and not the PIX ACLs.
HTH
MikeN
""Farhan Ahmed"" wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> What mask would be used if you want to create an
> access list where the IP addresses (128.252.0.0 to
> 128.252.240.0) would be blocked
> pls support with explanation,
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=13588&t=13564
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
