Thanks a lot for this detailed explanation.
>From: "Daniel Thiffeault" >Reply-To: "Daniel Thiffeault" >To: [EMAIL PROTECTED] >Subject: Re: Basic ACL Q [7:39334] >Date: Sun, 24 Mar 2002 08:46:08 -0500 > >you want to block 172.16-31.0.0 > >16 0001 0000 >17 0001 0001 >18 0001 0010 >19 0001 0011 >20 0001 0100 >21 0001 0101 >22 0001 0110 >23 0001 0111 >24 0001 1000 >25 0001 1001 >26 0001 1010 >27 0001 1011 >28 0001 1100 >29 0001 1101 >30 0001 1110 >31 0001 1111 > >from that you notice that the first 4 bits of the second octet never >changes- they always are 0001. Those are the bits you do not want to touch. >Those are the "Care bits". The last four bits of the second octet are the >ones that are changing- Those bits could be either 0 or 1. It does not >matter. They are the "don't care bits". >The "don't care bits" in wildcard mask are replaced by ones. The "care >bits" >are replaced by zeroes. > >You want the first octect to be 172 and nothing else - you are caring >You want the first four bits of the second octet to be 0001 and nothing >else - you are caring about those first four bits. >You allow the last four bits of the second octet to either take the value 1 >or 0 - you are not caring about their values >You are not caring about the third octet >You are not caring about the fourth octet > > >now the wildcard mask should be: 0000 0000 0000 1111 1111 1111 1111 >1111 > 0 >15 255 255 > > >You have 172.16.0.0 0.15.255.255 > >To verify if your mask is working accordingly you OR the two values. it >gives > >1010 1100 0001 0000 0000 0000 0000 0000 (172.16.0.0) >0000 0000 0000 1111 1111 1111 1111 1111 (0.15.255.255) > >1010 1100 0001 1111 1111 1111 1111 1111 (172.31.255.255) > > >Now you test for example 172.20.0.0. OR this value with the wildcard mask > >1010 1100 0001 0100 0000 0000 0000 0000 (172.20.0.0) >0000 0000 0000 1111 1111 1111 1111 1111 (0.15.255.255) > >1010 1100 0001 1111 1111 1111 1111 1111 (172.31.255.255) > >This is the same value. You could repeat the operation with any values in >yo >u range and it will always give you the same (172.31.255.255) when ORed >with >the wildcard mask. > >Finally you should have: > >access-list 90 deny 172.16.0.0 0.15.255.255 >access-list 90 permit any > > > > > > > > > > > >""IT Guy"" a icrit dans le message news: >[EMAIL PROTECTED] > > Hi everyone, > > > > Just wondering how I can block whole range from 172.16.0.0 to >172.31.255.255 > > using one ACL?? > > > > My guess is it shoud be , > > > > access-list 90 permit 172.16.0.0 0.240.255.255 ?? Please comment?? > > > > > > Thkx > > > > Tom > > > > _________________________________________________________________ > > Get your FREE download of MSN Explorer at >http://explorer.msn.com/intl.asp. s Detaile _________________________________________________________________ Send and receive Hotmail on your mobile device: http://mobile.msn.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=39979&t=39334 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
