There are times you wish you could suck something back as soon as you hit
the enter key... :-)

Reading too fast I thought #1 got down to 0 instead of "100"

Which means that both lists result in the same results.

Kevin Wigle

----- Original Message -----
From: "Kevin Wigle" 
To: 
Sent: Wednesday, 19 September, 2001 21:49
Subject: Re: More fun with Access Lists [7:20477]


> Don't really want to talk about access lists :-)
>
> But this is a simple test really.......
>
> access-list 10 deny 192.168.100.128 0.0.0.127 = deny 128-255
> access-list 10 deny 192.168.100.112 0.0.0.15 = deny 112-127
> access-list 10 deny 192.168.100.104 0.0.0.7 = deny 104-111
> access-list 10 deny 192.168.100.100 0.0.0.3 = deny 100-103
> access-list 10 permit any any = permit everything else
>
> results in deny 192.168.100.0 0.0.0.255
> or the entire Class C of 192.168.100.0
> and let everything else through
>
> access-list 10 permit 192.168.100.0 0.0.0.63 = permit 0-63
> access-list 10 permit 192.168.100.64 0.0.0.31 = permit 64-95
> access-list 10 permit 192.168.100.96 0.0.0.3 = permit 96-99
> access-list 10 deny 192.168.100.0 0.0.0.255 = deny 0-255
> access-list 10 permit any any = permit everything else
>
> results in permitting 192.168.100.0 to 192.168.100.99
> denying the rest of the Class C, specifically 192.168.100.100 -
> 192.168.100.255
> and let everything else through
>
> so no, they're not the same
>
> So what you have here is a lesson that ACLs work from top down and stop at
> the first match.
>
> In the first set, all the statements are "deny" which accumulate to deny
> the entire Class C
>
> In the second set you're permitting 0-99 and then the rest of the Class C
> is denied.
>
> So, even though #1 is equivalent to:
>
>  access-list 10 deny 192.168.100.0 0.0.0.255 (which appears in set #2
> which is probably the "trick")
>
> #2 has those permits that get processed first.
>
>
> Kevin Wigle
>
>
>
> ----- Original Message -----
> From: "Dennis Laganiere"
> To:
> Sent: Wednesday, 19 September, 2001 20:38
> Subject: More fun with Access Lists [7:20477]
>
>
> > Are these the same, and what do they do?  Anybody want to talk about
> > access lists?
> >
> > access-list 10 deny 192.168.100.128 0.0.0.127
> > access-list 10 deny 192.168.100.112 0.0.0.15
> > access-list 10 deny 192.168.100.104 0.0.0.7
> > access-list 10 deny 192.168.100.100 0.0.0.3
> > access-list 10 permit any any
> >
> >
> > access-list 10 permit 192.168.100.0 0.0.0.63
> > access-list 10 permit 192.168.100.64 0.0.0.31
> > access-list 10 permit 192.168.100.96 0.0.0.3
> > access-list 10 deny 192.168.100.0 0.0.0.255
> > access-list 10 permit any any




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=20481&t=20477
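
Added example, not part of the original thread: a small Python model of top-down, first-match evaluation with wildcard masks, run over both lists for every host in 192.168.100.0/24. The function names are hypothetical, and the last entry is written `permit any` because a standard ACL (1-99) matches on a single source only.

```python
import ipaddress

# The two lists from the thread (final line written as "permit any", see lead-in).
SET_1 = """
access-list 10 deny 192.168.100.128 0.0.0.127
access-list 10 deny 192.168.100.112 0.0.0.15
access-list 10 deny 192.168.100.104 0.0.0.7
access-list 10 deny 192.168.100.100 0.0.0.3
access-list 10 permit any
"""
SET_2 = """
access-list 10 permit 192.168.100.0 0.0.0.63
access-list 10 permit 192.168.100.64 0.0.0.31
access-list 10 permit 192.168.100.96 0.0.0.3
access-list 10 deny 192.168.100.0 0.0.0.255
access-list 10 permit any
"""

def parse_acl(text):
    """Turn standard-ACL lines into (action, address, wildcard) integer tuples."""
    entries = []
    for line in text.strip().splitlines():
        fields = line.split()
        action, source = fields[2], fields[3]
        if source == "any":
            entries.append((action, 0, 0xFFFFFFFF))
        else:
            entries.append((action, int(ipaddress.IPv4Address(source)),
                            int(ipaddress.IPv4Address(fields[4]))))
    return entries

def evaluate(entries, ip):
    """Top-down, first match wins; nothing matched means the implicit deny."""
    value = int(ipaddress.IPv4Address(ip))
    for action, address, wildcard in entries:
        # Wildcard bits set to 1 are ignored; every other bit must be equal.
        if ((value ^ address) & ~wildcard & 0xFFFFFFFF) == 0:
            return action
    return "deny"

def permitted_hosts(entries, prefix="192.168.100."):
    """Last octets of the addresses in prefix.0-255 that the list permits."""
    return [n for n in range(256) if evaluate(entries, f"{prefix}{n}") == "permit"]

if __name__ == "__main__":
    for name, text in (("set 1", SET_1), ("set 2", SET_2)):
        hosts = permitted_hosts(parse_acl(text))
        print(name, "permits", hosts[0], "to", hosts[-1], "of 192.168.100.0/24")
```

Reordering the parsed entries of set 2 so that the `deny 192.168.100.0 0.0.0.255` entry comes first makes `permitted_hosts` return an empty list, which shows the order dependence directly.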