Your statement (access-list 101 deny ip 128.252.0.0 0.0.255.255
128.252.240.0 0.0.255.255) will AND off the 240 part, and still block all
of the class B.



Thank You,


Michael Ayers
Network Engineer
OneNeck IT Services
(480) 539-2203
(800) 272-3077


 -----Original Message-----
From:   MikeN [mailto:[EMAIL PROTECTED]] 
Sent:   Tuesday, July 24, 2001 12:49 PM
To:     [EMAIL PROTECTED]
Subject:        Re: access list.. [7:13564]

Okay...... default masks meaning classful class B.
128.252.0.0 with a subnet mask of 255.255.0.0
 and
128.252.240.0  with a subnet mask of 255.255.0.0

On a router you would use the wildcard mask (inverse) of the subnet mask:

access-list 101 deny ip 128.252.0.0 0.0.255.255 128.252.240.0 0.0.255.255
access-list 101 permit ip any any
Then apply it to the interface with ip access-group 101 in or out depending
on what interface it is applied to.

It is easy to envision what the wildcard mask is and what it does if we view
the decimal numbers in binary format:
wildcard mask 0.0.255.255 = 00000000.00000000.11111111.11111111
0's = the part of the address that is interesting to the router; 1's = the
portion of the address the router isn't going to care about....this portion
of the address could be any number.

If you list the ip address in binary above the wildcard mask, it looks like
this:
   128  .   252  .    0   .    0
10000000.11111100.00000000.00000000
00000000.00000000.11111111.11111111
    0   .    0   .   252  .   252

The router will only view the portion of the address NOT blocked by 1's as
interesting: 128.252.x.x

You will need to grasp this concept before moving on to subnetting and
supernetting.

There are some excellent explanations for how this works in the Cisco Press
CCNA books.

To confirm, this is for routers and not the PIX ACLs.

HTH
MikeN


"Farhan Ahmed" wrote in message news:[EMAIL PROTECTED]...
> What mask would be used if you want to create an
> access list where the IP addresses (128.252.0.0 to
> 128.252.240.0) would be blocked
> pls support with explanation,




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=13599&t=13564
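
The wildcard-mask behaviour discussed in this thread, as an added example that is not part of the original messages: it applies the mask the way the thread describes (bits under a 1 are ignored) and then, going beyond the thread, splits an inclusive address range into address/wildcard pairs. The function names are hypothetical, and reading the question as the inclusive range 128.252.0.0 through 128.252.240.0 is an assumption.

```python
import ipaddress

def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def effective_base(base, wildcard):
    """Address that remains once the wildcard's 'don't care' bits are zeroed."""
    return str(ipaddress.IPv4Address(_to_int(base) & ~_to_int(wildcard) & 0xFFFFFFFF))

def wildcard_match(addr, base, wildcard):
    """True if addr matches base under the wildcard (1 bits are ignored)."""
    care = ~_to_int(wildcard) & 0xFFFFFFFF
    return (_to_int(addr) & care) == (_to_int(base) & care)

def range_to_wildcards(first, last):
    """Cover the inclusive range first..last with (address, wildcard) pairs."""
    nets = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
    # hostmask is the inverse of the netmask, i.e. the wildcard mask
    return [(str(n.network_address), str(n.hostmask)) for n in nets]

if __name__ == "__main__":
    # The 240 sits under wildcard 1 bits, so it is masked away.
    print(effective_base("128.252.240.0", "0.0.255.255"))
    # An address above .240.0 still matches the 0.0.255.255 entry.
    print(wildcard_match("128.252.250.9", "128.252.240.0", "0.0.255.255"))
    # Pairs that cover only 128.252.0.0 through 128.252.240.0.
    for addr, wc in range_to_wildcards("128.252.0.0", "128.252.240.0"):
        print(addr, wc)
```
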