"Ted Marinich" wrote in message news:[EMAIL PROTECTED]...
> Josh,
>
> No I never have. frp is a typo - should be FTP.

CL: I believe I gave a good pointer and a good start in my earlier reply.

>
> access-list 101 deny tcp host 135.152.1.1 eq ftp any
> access-list 101 deny tcp host 135.152.1.1 eq http any
> access-list 101 deny tcp 131.24.194.0 0.1.1.255 eq ftp any
> access-list 101 deny tcp 131.24.194.0 0.1.1.255 eq http any
> access-list 101 deny tcp 131.24.193.0 0.1.0.255 eq ftp any
> access-list 101 deny tcp 131.24.193.0 0.1.0.255 eq http any
> access-list 102 permit tcp any any
>
> Also, "access-list 102 permit tcp any any" should be "access-list 101 permit
> tcp any any"
>
> Sorry for the confusion. Cisco's focus seems to be centered on the ACL
> size. I am focused on a practical solution. I want clarification so I know
> what to practise for.

CL: consider the possibility that the Cisco answer in your study source is wrong.

CL: at the risk of being considered a jerk, I believe I demonstrated how to figure this stuff out in an earlier reply - write it out in binary and determine your "care" and "don't care" bits. I believe by my demonstration I determined that for the first octet, at least, the Cisco answer was not correct, and I showed what the correct answer was, for the first octet. I left it to you to do the rest.

CL: Cisco's focus, based on what you have presented, is to determine whether or not you know how the masks work when filtering addresses. Look - you took the first step. You went to B--O--S--O--N and used their wildcard mask calculator to discover that the Cisco answer permitted more networks than required. So you know how to use the tool. But you have to take the next step yourself.

CL: sorry to be acting righteous here, but when you're sitting in a Cisco test, be it CCNA or CCIE Lab, and all you have is a pencil and paper, there is only one way to do it. Believe me, proper wildcard masking comes up everywhere, whether you are doing OSPF network masks, EIGRP network masks (neat feature!), distribute-lists, route-maps, or whatever.

>
> Cisco's answer is:
>
> access-list 102 deny tcp 129.24.192.0 102.129.7.1 eq http any
> access-list 102 deny tcp 129.24.192.0 102.129.7.1 eq ftp any
> access-list 102 permit tcp any any

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59268&t=58644
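The "write it out in binary and find the care and don't-care bits" method from the reply above, as an added example that is not part of the original thread. The function names are hypothetical; the addresses and masks are copied from the ACL lines quoted in the post, and treating them as exact 32-bit values is an assumption.

```python
# Added example (not from the thread): wildcard-mask arithmetic done bit by bit.

def to_int(dotted):
    """Dotted-quad string -> 32-bit integer."""
    a, b, c, d = (int(x) for x in dotted.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d

def to_dotted(n):
    """32-bit integer -> dotted-quad string."""
    return ".".join(str((n >> s) & 0xFF) for s in (24, 16, 8, 0))

def to_bits(dotted):
    """Binary view per octet, as you would write it out on paper."""
    return ".".join(f"{int(x):08b}" for x in dotted.split("."))

def matches(addr, base, wildcard):
    """Wildcard semantics: 0 bit = care (must equal base), 1 bit = don't care."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) ^ to_int(base)) & care == 0

def match_count(wildcard):
    """Each don't-care bit doubles the number of addresses an entry matches."""
    return 2 ** bin(to_int(wildcard)).count("1")

def tightest_pair(addresses):
    """Smallest single base/wildcard pair that matches every input address.
    Bits identical in all inputs become care bits; the rest are don't care."""
    values = [to_int(a) for a in addresses]
    all_and, all_or = values[0], values[0]
    for v in values[1:]:
        all_and &= v
        all_or |= v
    wildcard = all_and ^ all_or  # 1 wherever the inputs disagree
    return to_dotted(all_and), to_dotted(wildcard)

if __name__ == "__main__":
    # Source addresses as they appear in the quoted ACL (assumed exact values).
    wanted = ["135.152.1.1", "131.24.194.0", "131.24.193.0"]
    for a in wanted:
        print(f"{a:>15}  {to_bits(a)}")
    base, wc = tightest_pair(wanted)
    print(f"one-line cover: {base} {wc} matches {match_count(wc)} "
          f"addresses for {len(wanted)} wanted")
    print("mask 102.129.7.1 matches", match_count("102.129.7.1"), "addresses")
```

Comparing `match_count` against the number of addresses you meant to filter shows how far a single-line ACL entry over-matches.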