You are incorrect. A 240 in a WC mask will, here, deny 16.x, 32.x, 48.x,
64.x, etc... (multiples of 16). You MASK is saying that you don't care what
the 4 higher order bits are, but you MUST have 0000 in the last 4 bits of
the octet in question. This will than only permit combinations of
00000000 0
00010000 16
00100000 32
00110000 48
01000000 64
01010000 80
01100000 96
01110000 112
10000000 128
10010000 144
10100000 160
10110000 176
11000000 192
11010000 208
11100000 224
11110000 240
-----Original Message-----
From: fgh [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 24, 2001 1:23 PM
To: Ayers, Michael
Cc: [EMAIL PROTECTED]
Subject: Re: access list.. [7:13564]
He wants to block the range 128.252.0.0-128.252.240.0 and permit all else.
access-list 1 deny 128.252.0.0 0.0.240.255
access-list 1 permit any
I have a CCIE and a sniffer instructor sitting next to me and they verified
that the above commands work for blocking the range and permitting
everything else.
----- Original Message -----
From: Ayers, Michael
To: 'fgh' ;
Sent: Tuesday, July 24, 2001 3:04 PM
Subject: RE: access list.. [7:13564]
> That should be 0.0.15.255, but that allows 240, and you have it backwards,
> you need to permit the first line (access-list 1 deny 128.252.0.0
> 0.0.15.255), and then deny the class b , then permit all else
>
> -----Original Message-----
> From: fgh [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, July 24, 2001 1:02 PM
> To: [EMAIL PROTECTED]
> Subject: Re: access list.. [7:13564]
>
> access-list 1 deny 128.252.0.0 0.0.240.255
> access-list 1 permit any
>
> the 1st line blocks that range and the 2nd line allows all other traffic
>
>
> i think? not positive though
>
>
> ----- Original Message -----
> From: Farhan Ahmed
> To:
> Sent: Tuesday, July 24, 2001 1:28 PM
> Subject: access list.. [7:13564]
>
>
> > What mask would be used if you want to create an
> > access list where the IP addresses (128.252.0.0 to
> > 128.252.240.0) would be blocked
> > pls support with explanation,
> Privileged/Confidential Information may be contained in this message or
> attachments hereto. Please advise immediately if you or your employer do
> not consent to Internet email for messages of this kind. Opinions,
> conclusions and other information in this message that do not relate to
the
> official business of this company shall be understood as neither given nor
> endorsed by it.
Privileged/Confidential Information may be contained in this message or
attachments hereto. Please advise immediately if you or your employer do
not consent to Internet email for messages of this kind. Opinions,
conclusions and other information in this message that do not relate to the
official business of this company shall be understood as neither given nor
endorsed by it.
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=13609&t=13564
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]