Re: access list.. [7:13564]

Tue, 24 Jul 2001 12:52:30 -0700 

i dont think the access list here you listed will block the whole range. He
is asking to block the range, not the 2 individual ip addresses.




----- Original Message -----
From: MikeN 
To: 
Sent: Tuesday, July 24, 2001 2:48 PM
Subject: Re: access list.. [7:13564]


> Okay...... default masks meaning classful class B.
> 128.252.0.0 with a subnet mask of 255.255.0.0
>  and
> 128.252.240.0  with a subnet mask of 255.255.0.0
>
> On a router you would use the wildcard mask (inverse) of the subnet mask:
>
> access-list 101 deny ip 128.252.0.0 0.0.255.255 128.252.240.0 0.0.255.255
> access-list 101 permit ip any any
> Then apply it to the interface with ip access-group 101 in or out
depending
> on what interface it is applied to.
>
> It is easy to envision what the wildcard mask is and what it does if we
view
> the decimal numbers in binary format:
> wildcard mask 0.0.255.255 = 00000000.00000000.11111111.11111111
> 0's = interesting part of the address is to the router; 1's = portion of
> address the router isn't going to care about....this portion of the
accress
> could be any number.
>
> If you list the ip address in binary above the wildcard mask, it looks
like
> this:
>        128   .     252     .      0        .      0
> 10000000.11111100.00000000.00000000
> 00000000.00000000.11111111.11111111
>         0      .      0        .    252     .     252
>
> The router will only view the portion of the address NOT blocked by 1's as
> interesting: 128.252.x.x
>
> You will need to grasp this concept before moving on to subnetting and
> supernetting.
>
> There are some excellent explanations for how this works in the Cisco
Press
> CCNA books.
>
> To confirm, this is for routers and not the PIX ACLs.
>
> HTH
> MikeN
>
>
> ""Farhan Ahmed""  wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > What mask would be used if you want to create an
> > access list where the IP addresses (128.252.0.0 to
> > 128.252.240.0) would be blocked
> > pls support with explanation,




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=13595&t=13564
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Reply via email to