Jason Steig wrote: > > Hello all. I'am stumped on an access-list that i need to > create. What i did was i set up two routers using rip and put > loopbacks on one of them and advertised them in rip. I then > attempted to build an access-list allowing just these networks > to pass into the other router. The router with the loopbacks is > A the destination is B. so I know this will be a standard > access list (direction in) on router B's interface to router A. > > The requirements are > > allow any packet originating from 192.17.77.0 /24 > allow any packet originating from 192.17.73.0 /24 > allow any packet originating from 192.81.77.0 /24 > allow any packet originating from 192.81.73.0 /24 > allow any packet originating from 176.17.77.0 /24 > allow any packet originating from 176.17.73.0 /24 > allow any packet originating from 176.81.77.0 /24 > allow any packet originating from 176.81.73.0 /24 > > Hers what i think i can do > > with the 182 address i can do > permit ip 192.17.73.0 0.64.4.0
17 is 0001 0001 in binary 81 is 0011 0001 in binary The one place they DON'T agree is the bit in the 2^6 place, or 64. So you don't want 64, you want the opposite. Reverse all the bits from the answer you came up with. Remember 0 means must match. 1 means don't care. Then put that result in decimal. It looks like you need to reverse the bits from the answer you got for the next octet too. Priscilla > > because the 64 will increase the second octet to 81 then the 4 > in the third bit will increase the network to 77. Is this how i > would impliment this filtering policy in just two statements? > The same way with the 176 networks? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63670&t=63644 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
